Download
| Alert*
|
oval:org.secpod.oval:def:602260
Two vulnerabilities have been found in unzip, a de-archiver for .zip files. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2015-7696 Gustavo Grieco discovered that unzip incorrectly handled certain password protected archives. If a user or automated system we ... oval:org.secpod.oval:def:601868 Several vulnerabilities were found in c-icap, an ICAP server implementation, which could allow a remote attacker to cause c-icap to crash, or have other, unspecified impacts. oval:org.secpod.oval:def:602455 Marcin Noga discovered an integer underflow in Lhasa, a lzh archive decompressor, which might result in the execution of arbitrary code if a malformed archive is processed. oval:org.secpod.oval:def:602446 Guido Vranken discovered several vulnerabilities in dhcpcd, a DHCP client, which may result in denial of service. oval:org.secpod.oval:def:602440 It was discovered that libmatroska, an extensible open standard audio/video container format, incorrectly processed EBML lacing. By providing maliciously crafted input, an attacker could use this flaw to force some leakage of information located in the process heap memory. oval:org.secpod.oval:def:602471 It was discovered that fuseiso, a user-space implementation of the ISO 9660 file system based on FUSE, contains several vulnerabilities. CVE-2015-8836 A stack-based buffer overflow may allow attackers who can trick a user into mounting a crafted ISO 9660 file system to cause a denial of service , or ... oval:org.secpod.oval:def:602222 A vulnerability was found in screen causing a stack overflow which results in crashing the screen server process, resulting in denial of service. oval:org.secpod.oval:def:602252 Aleksandar Nikolic of Cisco Talos discovered a buffer overflow vulnerability in the XML parser functionality of miniupnpc, a UPnP IGD client lightweight library. A remote attacker can take advantage of this flaw to cause an application using the miniupnpc library to crash, or potentially to execute ... oval:org.secpod.oval:def:602035 Adam Sampson discovered a buffer overflow in the handling of the XAUTHORITY environment variable in das-watchdog, a watchdog daemon to ensure a realtime process won"t hang the machine. A local user can exploit this flaw to escalate his privileges and execute arbitrary code as root. oval:org.secpod.oval:def:602051 Emanuele Rocca discovered that ppp, a daemon implementing the Point-to-Point Protocol, was subject to a buffer overflow when communicating with a RADIUS server. This would allow unauthenticated users to cause a denial-of-service by crashing the daemon. oval:org.secpod.oval:def:602040 Stefan Roas discovered a way to cause a buffer overflow in DBD-FireBird, a Perl DBI driver for the Firebird RDBMS, in certain error conditions, due to the use of the sprintf function to write to a fixed-size memory buffer. oval:org.secpod.oval:def:602378 Stepan Golosunov discovered that xdelta3, a diff utility which works with binary files, is affected by a buffer overflow vulnerability within the main_get_appheader function, which may lead to the execution of arbitrary code. oval:org.secpod.oval:def:602393 Multiple security vulnerabilities have been found in Pillow, a Python imaging library, which may result in denial of service or the execution of arbitrary code if a malformed FLI, PCD or Tiff files is processed. oval:org.secpod.oval:def:602382 Gustavo Grieco discovered an out-of-bounds write vulnerability in cpio, a tool for creating and extracting cpio archive files, leading to a denial of service . oval:org.secpod.oval:def:602047 John Lightsey discovered a format string injection vulnerability in the localisation of templates in Movable Type, a blogging system. An unauthenticated remote attacker could take advantage of this flaw to execute arbitrary code as the web server user. oval:org.secpod.oval:def:602333 Crtc4L discovered a cross-site scripting vulnerability in wordpress, a web blogging tool, allowing a remote authenticated administrator to compromise the site. oval:org.secpod.oval:def:601816 Two vulnerabilities have been discovered in dokuwiki. Access control in the media manager was insufficiently restricted and authentication could be bypassed when using Active Directory for LDAP authentication. oval:org.secpod.oval:def:602304 Several SQL injection vulnerabilities have been discovered in Cacti, an RRDTool frontend written in PHP. Specially crafted input can be used by an attacker in the rra_id value of the graph.php script to execute arbitrary SQL commands on the database. oval:org.secpod.oval:def:602452 Several vulnerabilities were discovered in libebml, a library for manipulating Extensible Binary Meta Language files. CVE-2015-8789 Context-dependent attackers could trigger a use-after-free vulnerability by providing a maliciously crafted EBML document. CVE-2015-8790 Context-dependent attackers cou ... oval:org.secpod.oval:def:602261 John Stumpo discovered that OpenAFS, a distributed file system, does not fully initialize certain network packets before transmitting them. This can lead to a disclosure of the plaintext of previously processed packets. oval:org.secpod.oval:def:602052 James P. Turk discovered that the ReST renderer in django-markupfield, a custom Django field for easy use of markup in text fields, didn"t disable the ..raw directive, allowing remote attackers to include arbitrary files. oval:org.secpod.oval:def:24884 Alexander E. Patrakov discovered an issue in strongSwan, an IKE/IPsec suite used to establish IPsec protected links. When an IKEv2 client authenticates the server with certificates and the client authenticates itself to the server using pre-shared key or EAP, the constraints on the server certificat ... oval:org.secpod.oval:def:601941 Jakub Wilk discovered that in requests, an HTTP library for the Python language, authentication information was improperly handled when a redirect occured. This would allow remote servers to obtain two different types of sensitive information: proxy passwords from the Proxy-Authorization header , or ... oval:org.secpod.oval:def:601985 Multiple vulnerabilities have been discovered in Movable Type, a blogging system. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2013-2184 Unsafe use of Storable::thaw in the handling of comments to blog posts could allow remote attackers to include and execu ... oval:org.secpod.oval:def:602390 Two SQL injection vulnerabilities were discovered in cacti, a web interface for graphing of monitoring systems. Specially crafted input can be used by an attacker in parameters of the graphs_new.php script to execute arbitrary SQL commands on the database. oval:org.secpod.oval:def:602175 It was discovered that OpenAFS, the implementation of the distributed filesystem AFS, contained several flaws that could result in information leak, denial-of-service or kernel panic. oval:org.secpod.oval:def:602244 It was discovered that FreeType did not properly handle some malformed inputs. This could allow remote attackers to cause a denial of service via crafted font files. oval:org.secpod.oval:def:601982 Hiroya Ito of GMO Pepabo, Inc. reported that checkpw, a password authentication program, has a flaw in processing account names which contain double dashes. A remote attacker can use this flaw to cause a denial of service . oval:org.secpod.oval:def:601977 Jakub Wilk discovered that unace, an utility to extract, test and view .ace archives, contained an integer overflow leading to a buffer overflow. If a user or automated system were tricked into processing a specially crafted ace archive, an attacker could cause a denial of service or, possibly, exe ... oval:org.secpod.oval:def:602434 Vincent LE GARREC discovered an integer overflow in pixman, a pixel-manipulation library for X and cairo. A remote attacker can exploit this flaw to cause an application using the pixman library to crash, or potentially, to execute arbitrary code with the privileges of the user running the applicati ... oval:org.secpod.oval:def:602321 Pierre Kim discovered two vulnerabilities in the restful API of Ganeti, a virtual server cluster management tool. SSL parameter negotiation could result in denial of service and the DRBD secret could leak. oval:org.secpod.oval:def:602332 Javantea discovered that pygments, a generic syntax highlighter, is prone to a shell injection vulnerability allowing a remote attacker to execute arbitrary code via shell metacharacters in a font name. oval:org.secpod.oval:def:602458 High-Tech Bridge Security Research Lab discovered that Roundcube, a webmail client, contained a path traversal vulnerability. This flaw could be exploited by an attacker to access sensitive files on the server, or even execute arbitrary code. oval:org.secpod.oval:def:602000 Multiple vulnerabilities have been found the Drupal content management framework. More information can be found at https://www.drupal.org/SA-CORE-2015-001 oval:org.secpod.oval:def:602379 Alexander Izmailov discovered that didiwiki, a wiki implementation, failed to correctly validate user-supplied input, thus allowing a malicious user to access any part of the filesystem. oval:org.secpod.oval:def:602325 Blake Burkhart discovered that the Git git-remote-ext helper incorrectly handled recursive clones of git repositories. A remote attacker could possibly use this issue to execute arbitary code by injecting commands via crafted URLs. oval:org.secpod.oval:def:602415 Alvaro Muñoz and Christian Schneider discovered that BeanShell, an embeddable Java source interpreter, could be leveraged to execute arbitrary commands: applications including BeanShell in their classpath are vulnerable to this flaw if they deserialize data from an untrusted source. oval:org.secpod.oval:def:602016 Multiple vulnerabilities have been discovered in Dulwich, a Python implementation of the file formats and protocols used by the Git version control system. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2014-9706 It was discovered that Dulwich allows writing ... oval:org.secpod.oval:def:601871 A flaw was discovered in mediawiki, a wiki engine: cross-domain-policy mangling allows an article editor to inject code into API consumers that deserialize PHP representations of the page from the API. oval:org.secpod.oval:def:601914 John Houwer discovered a way to cause xdg-open, a tool that automatically opens URLs in a user"s preferred application, to execute arbitrary commands remotely. oval:org.secpod.oval:def:602014 A denial of service vulnerability was found in the Shibboleth Service Provider. When processing certain malformed SAML message generated by an authenticated attacker, the daemon could crash. oval:org.secpod.oval:def:602013 Jodie Cunningham discovered multiple vulnerabilities in freexl, a library to read Microsoft Excel spreadsheets, which might result in denial of service or the execution of arbitrary code if a malformed Excel file is opened. oval:org.secpod.oval:def:602086 Jesse Hertz of Matasano Security discovered that Mercurial, a distributed version control system, is prone to a command injection vulnerability via a crafted repository name in a clone command. oval:org.secpod.oval:def:601943 Multiple vulnerabilities were discovered in Privoxy, a privacy enhancing HTTP proxy, which might result in denial of service. oval:org.secpod.oval:def:602439 It was discovered that inspircd, an IRC daemon, incorrectly handled PTR lookups of connecting users. This flaw allowed a remote attacker to crash the application by setting up malformed DNS records, thus causing a denial-of-service, oval:org.secpod.oval:def:602328 It was discovered that a maliciously crafted packet can crash any of the isc-dhcp applications. This includes the DHCP client, relay, and server application. Only IPv4 setups are affected. oval:org.secpod.oval:def:602159 It was discovered that the Jackrabbit WebDAV bundle was susceptible to a XXE/XEE attack. When processing a WebDAV request body containing XML, the XML parser could be instructed to read content from network resources accessible to the host, identified by URI schemes such as "http" or " ... oval:org.secpod.oval:def:602402 Ralf Schlatterbeck discovered an information leak in roundup, a web-based issue tracking system. An authenticated attacker could use it to see sensitive details about other users, including their hashed password. After applying the update, which will fix the shipped templates, the site administrator ... oval:org.secpod.oval:def:602336 It was discovered that unplugging one of the monitors in a multi-monitor setup can cause xscreensaver to crash. Someone with physical access to a machine could use this problem to bypass a locked session. oval:org.secpod.oval:def:601903 Thorsten Eckel of Znuny GMBH and Remo Staeuble of InfoGuard discovered a privilege escalation vulnerability in otrs2, the Open Ticket Request System. An attacker with valid OTRS credentials could access and manipulate ticket data of other users via the GenericInterface, if a ticket webservice is con ... oval:org.secpod.oval:def:602098 The update for libmodule-signature-perl issued as DSA-3261-1 introduced a regression in the handling of the --skip option of cpansign. Updated packages are now available to address this regression. For reference, the original advisory text follows. Multiple vulnerabilities were discovered in libmodu ... oval:org.secpod.oval:def:602099 Multiple vulnerabilities were discovered in libmodule-signature-perl, a Perl module to manipulate CPAN SIGNATURE files. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2015-3406 John Lightsey discovered that Module::Signature could parses the unsigned portion ... oval:org.secpod.oval:def:601825 Several vulnerabilities have been discovered in the FreeBSD kernel that may lead to a denial of service or information disclosure. CVE-2014-3711 Denial of service through memory leak in sandboxed namei lookups. CVE-2014-3952 Kernel memory disclosure in sockbuf control messages. CVE-2014-3953 Kernel ... oval:org.secpod.oval:def:601970 Mateusz Kocielski and Marek Kroemeke discovered that an integer overflow in IGMP processing may result in denial of service through malformed IGMP packets. oval:org.secpod.oval:def:602100 It was discovered that by sending crafted Router Advertisement packets, an attacker on the local network could lower the Current Hop Limit and cause the system to lose the ability to communicate with another IPv6 node on a different network. Additionally, it was discovered that the patch applied to ... oval:org.secpod.oval:def:602048 adam@anope.org discovered several problems in inspircd, an IRC daemon: - an incomplete patch for CVE-2012-1836 failed to adequately resolve the problem where maliciously crafted DNS requests could lead to remote code execution through a heap-based buffer overflow. - the incorrect processing of speci ... oval:org.secpod.oval:def:601838 This update reverts the fix, so people are advised to keep kernel symlink protection enabled as it is by default on Wheezy, which is enough to prevent successful exploitation. oval:org.secpod.oval:def:602004 Several denial-of-service issues have been discovered in Tor, a connection-based low-latency anonymous communication system. o Jowr discovered that very high DNS query load on a relay could trigger an assertion error. o A relay could crash with an assertion error if a buffer of exactly the wrong lay ... oval:org.secpod.oval:def:602274 The update for unzip issued as DSA-3386-1 introduced a regression when extracting 0-byte files. Updated packages are now available to address this regression. oval:org.secpod.oval:def:602273 The update for freexl issued as DSA-3208-1 introduced a regression when handling certain Microsoft Excel spreadsheets files. Updated packages are now available to address this regression. For reference the original advisory text follows. Jodie Cunningham discovered multiple vulnerabilities in freexl ... oval:org.secpod.oval:def:602289 This update backports changes from the commons-collections 3.2.2 release which disable the deserialisation of the functors classes unless the system property org.apache.commons.collections.enableUnsafeSerialization is set to "true". This fixes a vulnerability in unsafe applications deserialising obj ... oval:org.secpod.oval:def:602089 The update for dnsmasq issued as DSA-3251-1 introduced a regression for the armel and armhf builds causing dnsmasq failing to start under certain configurations. Updated packages are now available to address this regression. Additionally dnsmasq was patched to handle the case were the libc headers d ... oval:org.secpod.oval:def:601921 A vulnerability has been discovered in the web interface of sympa, a mailing list manager. An attacker could take advantage of this flaw in the newsletter posting area, which allows sending to a list, or to oneself, any file located on the server filesystem and readable by the sympa user. oval:org.secpod.oval:def:601920 The previous security update for OpenJDK 7, DSA-2987-1, introduced a regression due to an overly strict bytecode verifier. As a result, legitimate bytecode which is produced by some non-Java languages would no longer run. oval:org.secpod.oval:def:601919 A denial-of-service vulnerability has been reported in Prosody, a XMPP server. If compression is enabled, an attacker might send highly-com- pressed XML elements over XMPP streams and consume all the resources of the server. The SAX XML parser lua-expat is also affected by this issues. For the stab ... oval:org.secpod.oval:def:601917 It was discovered that libmagic as used by PHP, would trigger an out of bounds memory access when trying to identify a crafted file. Additionally, this updates fixes a potential dependency loop in dpkg trigger handling. oval:org.secpod.oval:def:601909 Multiple use-after-frees were discovered in Privoxy, a privacy-enhancing HTTP proxy. oval:org.secpod.oval:def:601974 It was discovered that libgtk2-perl, a Perl interface to the 2.x series of the Gimp Toolkit library, incorrectly frees memory which GTK+ still holds onto and might access later, leading to denial of service or, potentially, to arbitrary code execution. oval:org.secpod.oval:def:601979 Alexander Cherepanov discovered that bsdcpio, an implementation of the "cpio" program part of the libarchive12 project, is susceptible to a directory traversal vulnerability via absolute paths. oval:org.secpod.oval:def:602122 The update for jqueryui in DSA-3249-1 introduced a regression where direct usage of the file jquery.ui.dialog.js can get broken due to a missing function definition. oval:org.secpod.oval:def:602169 It was discovered that an integer overflow in freexl, a library to parse Microsoft Excel spreadsheets may result in denial of service if a malformed Excel file is opened. oval:org.secpod.oval:def:602312 It was discovered that the Mechanism plugin of Blueman, a graphical Bluetooth manager, allows local privilege escalation. oval:org.secpod.oval:def:602461 The update for didiwiki issued as DSA-3485-1 introduced a regression that caused a large number of valid pages to not be accessible anymore. This occurred mostly for pages whose names started with non-ascii characters. oval:org.secpod.oval:def:602462 Several vulnerabilities were discovered in Imagemagick, a program suite for image manipulation. This update fixes a large number of potential security problems such as null-pointer access and buffer-overflows that might lead to memory leaks or denial of service. Any of these security problems have a ... oval:org.secpod.oval:def:602428 This update disables the Graphite font shaping library in Iceweasel, Debian"s version of the Mozilla Firefox web browser. oval:org.secpod.oval:def:602331 The update for ganeti issued as DSA-3431-1 causes the gnt-instance info command to fail for all instances of type DRBD. Updated packages are now available to address this regression. For reference the original advisory text follows. Pierre Kim discovered two vulnerabilities in the restful API of Gan ... oval:org.secpod.oval:def:602363 Two vulnerabilities were discovered in wordpress, a web blogging tool. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2016-2221 Shailesh Suthar discovered an open redirection vulnerability. CVE-2016-2222 Ronni Skansing discovered a server-side request forgery ... oval:org.secpod.oval:def:602391 The wheezy part of the previous gajim update, DSA-3492-1, was incorrectly built resulting in an unsatisfiable dependency. This update corrects that problem. For reference, the original advisory text follows. Daniel Gultsch discovered a vulnerability in Gajim, an XMPP/jabber client. Gajim didn"t veri ... oval:org.secpod.oval:def:602385 Multiple security vulnerabilities have been found in the Drupal content management framework. For additional information, please refer to the upstream advisory at https://www.drupal.org/SA-CORE-2016-001 oval:org.secpod.oval:def:601860 Several vulnerabilities have been discovered in getmail4, a mail retriever with support for POP3, IMAP4 and SDPS, that could allow man-in-the-middle attacks. CVE-2014-7273 The IMAP-over-SSL implementation in getmail 4.0.0 through 4.43.0 does not verify X.509 certificates from SSL servers, which allo ... oval:org.secpod.oval:def:601993 Thomas Klute discovered that in mod-gnutls, an Apache module providing SSL and TLS encryption with GnuTLS, a bug caused the server"s client verify mode not to be considered at all, in case the directory"s configuration was unset. Clients with invalid certificates were then able to leverage this flaw ... oval:org.secpod.oval:def:601938 Two vulnerabilities have been discovered in VirtualBox, a x86 virtualisation solution, which might result in denial of service. oval:org.secpod.oval:def:602227 This update fixes an unspecified security issue in VirtualBox related to guests using bridged networking via WiFi. Oracle no longer provides information on specific security vulnerabilities in VirtualBox. To still support users of the already released Debian releases we"ve decided to update these to ... oval:org.secpod.oval:def:602259 Two vulnerabilities have been discovered in VirtualBox, an x86 virtualisation solution. oval:org.secpod.oval:def:602287 Tero Marttila discovered that the Debian packaging for smokeping installed it in such a way that the CGI implementation of Apache httpd passed additional arguments to the smokeping_cgi program, potentially leading to arbitrary code execution in response to crafted HTTP requests. oval:org.secpod.oval:def:23238 Fabian Yamaguchi discovered multiple vulnerabilities in VLC, a multimedia player and streamer: CVE-2014-9626 The MP4 demuxer, when parsing string boxes, did not properly check the length of the box, leading to a possible integer underflow when using this length value in a call to memcpy. This could ... oval:org.secpod.oval:def:602343 Jann Horn discovered that the setuid-root mount.ecryptfs_private helper in the ecryptfs-utils would mount over any target directory that the user owns, including a directory in procfs. A local attacker could use this flaw to escalate his privileges. oval:org.secpod.oval:def:602277 Several vulnerabilities have been discovered in wpa_supplicant and hostapd. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2015-4141 Kostya Kortchinsky of the Google Security Team discovered a vulnerability in the WPS UPnP function with HTTP chunked transfer ... oval:org.secpod.oval:def:602478 Régis Leroy from Makina Corpus discovered that varnish, a caching HTTP reverse proxy, is vulnerable to HTTP smuggling issues, potentially resulting in cache poisoning or bypassing of access control policies. oval:org.secpod.oval:def:602117 Tuomas Räsänen discovered that unsafe signal handling in nbd-server, the server for the Network Block Device protocol, could allow remote attackers to cause a deadlock in the server process and thus a denial of service. Tuomas Räsänen also discovered that ... oval:org.secpod.oval:def:601801 Stefan Horst discovered a vulnerability in the Drupal database abstraction API, which may result in SQL injection. oval:org.secpod.oval:def:601805 Multiple vulnerabilities have been discovered in Pidgin, a multi-protocol instant messaging client: CVE-2014-3694 It was discovered that the SSL/TLS plugins failed to validate the basic constraints extension in intermediate CA certificates. CVE-2014-3695 Yves Younan and Richard Johnson discovered th ... oval:org.secpod.oval:def:601826 It was discovered that Konversation, an IRC client for KDE, could by crashed when receiving malformed messages using FiSH encryption. oval:org.secpod.oval:def:601819 An out-of-bounds read vulnerability was discovered in Quassel-core, one of the components of the distributed IRC client Quassel. An attacker can send a crafted message that crash to component causing a denial of services or disclosure of information from process memory. oval:org.secpod.oval:def:601872 Joshua Rogers discovered a format string vulnerability in the yyerror function in lib/cgraph/scan.l in Graphviz, a rich set of graph drawing tools. An attacker could use this flaw to cause graphviz to crash or possibly execute arbitrary code. oval:org.secpod.oval:def:601910 It was discovered that lsyncd, a daemon to synchronize local directories using rsync, performed insufficient sanitising of filenames which might result in the execution of arbitrary commands. oval:org.secpod.oval:def:601852 Multiple security issues have been discovered in Wordpress, a web blogging tool, resulting in denial of service or information disclosure. More information can be found in the upstream advisory at https://wordpress.org/news/2014/11/wordpress-4-0-1/ CVE-2014-9031 Jouko Pynnonen discovered an unauthen ... oval:org.secpod.oval:def:601867 Florian Maury from ANSSI discovered that unbound, a validating, recursive, and caching DNS resolver, was prone to a denial of service vulnerability. An attacker crafting a malicious zone and able to emit queries to the server can trick the resolver into following an endless series of delegations, l ... oval:org.secpod.oval:def:601901 Multiple security issues have been found in the Mantis bug tracking system, which may result in phishing, information disclosure, CAPTCHA bypass, SQL injection, cross-site scripting or the execution of arbitrary PHP code. oval:org.secpod.oval:def:601854 Dragana Damjanovic discovered that an authenticated client could crash an OpenVPN server by sending a control packet containing less than four bytes as payload. oval:org.secpod.oval:def:601839 Two vulnerabilities were discovered in Drupal, a fully-featured content management framework. The Common Vulnerabilities and Exposures project identifies the following issues: CVE-2014-9015 Aaron Averill discovered that a specially crafted request can give a user access to another user"s session, al ... oval:org.secpod.oval:def:601951 Michal Zalewski and Hanno Boeck discovered several vulnerabilities in unrtf, a RTF to other formats converter, leading to a denial of service or, potentially, the execution of arbitrary code. oval:org.secpod.oval:def:601939 Several vulnerabilities were discovered in Django, a high-level Python web development framework. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2015-0219 Jedediah Smith reported that the WSGI environ in Django does not distinguish between headers containing ... oval:org.secpod.oval:def:601928 James Clawson discovered that websvn, a web viewer for Subversion repositories, would follow symlinks in a repository when presenting a file for download. An attacker with repository write access could thereby access any file on disk readable by the user the webserver runs as. oval:org.secpod.oval:def:601848 A flaw was discovered in mutt, a text-based mailreader. A specially crafted mail header could cause mutt to crash, leading to a denial of service condition. oval:org.secpod.oval:def:602256 Several issues have been fixed in phpMyAdmin, the web administration tool for MySQL. CVE-2014-8958 Multiple cross-site scripting vulnerabilities. CVE-2014-9218 Denial of service via a long password. CVE-2015-2206 Risk of BREACH attack due to reflected parameter. CVE-2015-3902 XSRF/CSRF vulnerabi ... oval:org.secpod.oval:def:601837 Daniel Genkin, Itamar Pipman and Eran Tromer discovered that Elgamal encryption subkeys in applications using the libgcrypt11 library, for example GnuPG 2.x, could be leaked via a side-channel attack. oval:org.secpod.oval:def:601973 Multiple vulnerabilities have been discovered in Request Tracker, an extensible trouble-ticket tracking system. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2014-9472 Christian Loos discovered a remote denial of service vulnerability, exploitable via the em ... oval:org.secpod.oval:def:602028 Multiple vulnerabilities have been discovered in arj, an open source version of the arj archiver. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2015-0556 Jakub Wilk discovered that arj follows symlinks created during unpacking of an arj archive. A remote att ... oval:org.secpod.oval:def:602026 Several vulnerabilities have been discovered in Tor, a connection-based low-latency anonymous communication system: CVE-2015-2928 "disgleirio" discovered that a malicious client could trigger an assertion failure in a Tor instance providing a hidden service, thus rendering the service inac ... oval:org.secpod.oval:def:602294 It was discovered that GnuTLS, a library implementing the TLS and SSL protocols, incorrectly validates the first byte of padding in CBC modes. A remote attacker can possibly take advantage of this flaw to perform a padding oracle attack. oval:org.secpod.oval:def:602038 Ignacio R. Morelle discovered that missing path restrictions in the "Battle of Wesnoth" game could result in the disclosure of arbitrary files in the user"s home directory if malicious campaigns/maps are loaded. oval:org.secpod.oval:def:602097 Vadim Melihow discovered that in proftpd-dfsg, an FTP server, the mod_copy module allowed unauthenticated users to copy files around on the server, and possibly to execute arbitrary code. oval:org.secpod.oval:def:602075 Tilmann Haak from xing.com discovered that XML::LibXML, a Perl interface to the libxml2 library, did not respect the expand_entities parameter to disable processing of external entities in some circumstances. This may allow attackers to gain read access to otherwise protected ressources, depending o ... oval:org.secpod.oval:def:602034 Jann Horn discovered that the source package integrity verification in dpkg-source can be bypassed via a specially crafted Debian source control file . Note that this flaw only affects extraction of local Debian source packages via dpkg-source but not the installation of packages from the Debian arc ... oval:org.secpod.oval:def:601803 Jouni Malinen discovered an input sanitization issue in the wpa_cli and hostapd_cli tools included in the wpa package. A remote wifi system within range could provide a crafted string triggering arbitrary code execution running with privileges of the affected wpa_cli or hostapd_cli process. oval:org.secpod.oval:def:602066 Multiple security issues have been discovered in Wordpress, a weblog manager, that could allow remote attackers to upload files with invalid or unsafe names, mount social engineering attacks or compromise a site via cross-site scripting, and inject SQL commands. More information can be found in the ... oval:org.secpod.oval:def:602221 Qinghao Tang of QIHU 360 discovered a double free flaw in OpenSLP, an implementation of the IETF Service Location Protocol. This could allow remote attackers to cause a denial of service . oval:org.secpod.oval:def:602110 Javantea discovered a NULL pointer dereference flaw in racoon, the Internet Key Exchange daemon of ipsec-tools. A remote attacker can use this flaw to cause the IKE daemon to crash via specially crafted UDP packets, resulting in a denial of service. oval:org.secpod.oval:def:601817 Chad Vizino reported a vulnerability in torque, a PBS-derived batch processing queueing system. A non-root user could exploit the flaw in the tm_adopt library call to kill any process, including root-owned ones on any node in a job. oval:org.secpod.oval:def:602096 Multiple vulnerabilities were discovered in Zend Framework, a PHP framework. Except for CVE-2015-3154, all these issues were already fixed in the version initially shipped with Jessie. CVE-2014-2681 Lukas Reschke reported a lack of protection against XML External Entity injection attacks in some fun ... oval:org.secpod.oval:def:602115 The update for zendframework issued as DSA-3265-1 introduced a regression preventing the use of non-string or non-stringable objects as header values. A fix for this problem is now applied, along with the final patch for CVE-2015-3154. For reference the original advisory text follows. Multiple vulne ... oval:org.secpod.oval:def:602012 Nicolas Gregoire and Kevin Schaller discovered that Batik, a toolkit for processing SVG images, would load XML external entities by default. If a user or automated system were tricked into opening a specially crafted SVG file, an attacker could possibly obtain access to arbitrary files or cause reso ... oval:org.secpod.oval:def:602113 Tavis Ormandy discovered that FUSE, a Filesystem in USErspace, does not scrub the environment before executing mount or umount with elevated privileges. A local user can take advantage of this flaw to overwrite arbitrary files and gain elevated privileges by accessing debugging features via the envi ... oval:org.secpod.oval:def:602112 Tavis Ormandy discovered that NTFS-3G, a read-write NTFS driver for FUSE, does not scrub the environment before executing mount or umount with elevated privileges. A local user can take advantage of this flaw to overwrite arbitrary files and gain elevated privileges by accessing debugging features v ... oval:org.secpod.oval:def:602108 The patch applied for ntfs-3g to fix CVE-2015-3202 in DSA 3268-1 was incomplete. This update corrects that problem. For reference the original advisory text follows. Tavis Ormandy discovered that NTFS-3G, a read-write NTFS driver for FUSE, does not scrub the environment before executing mount or umo ... oval:org.secpod.oval:def:602011 Daniel Chatfield discovered that python-django, a high-level Python web development framework, incorrectly handled user-supplied redirect URLs. A remote attacker could use this flaw to perform a cross-site scripting attack. oval:org.secpod.oval:def:602149 Several vulnerabilities were found in drupal7, a content management platform used to power websites. CVE-2015-3231 Incorrect cache handling made private content viewed by "user 1" exposed to other, non-privileged users. CVE-2015-3232 A flaw in the Field UI module made it possible for attac ... oval:org.secpod.oval:def:601944 Florian Weimer, of Red Hat Product Security, discovered an issue in condor, a distributed workload management system. Upon job completion, it can optionally notify a user by sending an email; the mailx invocation used in that process allowed for any authenticated user able to submit jobs, to execute ... oval:org.secpod.oval:def:602384 Aris Adamantiadis discovered that libssh, a tiny C SSH library, incorrectly generated a short ephemeral secret for the diffie-hellman-group1 and diffie-hellman-group14 key exchange methods. The resulting secret is 128 bits long, instead of the recommended sizes of 1024 and 2048 bits respectively. Th ... oval:org.secpod.oval:def:602163 Several vulnerabilities were discovered in Django, a high-level Python web development framework: CVE-2015-5143 Eric Peterson and Lin Hua Cheng discovered that a new empty record used to be created in the session storage every time a session was accessed and an unknown session key was provided in th ... oval:org.secpod.oval:def:602065 The Google security team and the smart hardware research group of Alibaba security team discovered a flaw in how wpa_supplicant used SSID information when creating or updating P2P peer entries. A remote attacker can use this flaw to cause wpa_supplicant to crash, expose memory contents, and potentia ... oval:org.secpod.oval:def:602263 Several vulnerabilities were discovered in Wordpress, a web blogging tool. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2015-2213 SQL Injection allowed a remote attacker to compromise the site. CVE-2015-5622 The robustness of the shortcodes HTML tags filter ... oval:org.secpod.oval:def:602183 Tomek Rabczak from the NCC Group discovered a flaw in the normalize_params method in Rack, a modular Ruby webserver interface. A remote attacker can use this flaw via specially crafted requests to cause a `SystemStackError` and potentially cause a denial of service condition for the service. oval:org.secpod.oval:def:602196 It was discovered that Request Tracker, an extensible trouble-ticket tracking system is susceptible to a cross-site scripting attack via the user an group rights management pages and via the cryptography interface, allowing an attacker with a carefully-crafted key to inject JavaScript into RT"s use ... oval:org.secpod.oval:def:602451 It was discovered that libstruts1.2-java, a Java framework for MVC applications, contains a bug in its multi-page validation code. This allows input validation to be bypassed, even if MPV is not used directly. oval:org.secpod.oval:def:602214 Several vulnerabilities were discovered in Drupal, a content management framework: CVE-2015-6658 The form autocomplete functionality did not properly sanitize the requested URL, allowing remote attackers to perform a cross-site scripting attack. CVE-2015-6659 The SQL comment filtering system could a ... oval:org.secpod.oval:def:602367 It was discovered that polarssl, a library providing SSL and TLS support, contained two heap-based buffer overflows that could allow a remote attacker to trigger denial of service or arbitrary code execution. oval:org.secpod.oval:def:602225 Florian Weimer of Red Hat Product Security discovered that libvdpau, the VDPAU wrapper library, did not properly validate environment variables, allowing local attackers to gain additional privileges. oval:org.secpod.oval:def:602339 When sudo is configured to allow a user to edit files under a directory that they can already write to without using sudo, they can actually edit arbitrary files. Daniel Svartman reported that a configuration like this might be introduced unintentionally if the editable files are specified using wi ... oval:org.secpod.oval:def:602136 Alexander Cherepanov discovered that p7zip is susceptible to a directory traversal vulnerability. While extracting an archive, it will extract symlinks and then follow them if they are referenced in further entries. This can be exploited by a rogue archive to write files outside the current director ... oval:org.secpod.oval:def:602284 Ryan Butterfield discovered a vulnerability in the date template filter in python-django, a high-level Python web development framework. A remote attacker can take advantage of this flaw to obtain any secret in the application"s settings. oval:org.secpod.oval:def:602197 Lin Hua Cheng discovered that a session could be created when anonymously accessing the django.contrib.auth.views.logout view. This could allow remote attackers to saturate the session store or cause other users" session records to be evicted. Additionally the contrib.sessions.backends.base.SessionB ... oval:org.secpod.oval:def:602268 Pengsu Cheng discovered that FreeImage, a library for graphic image formats, contained multiple integer underflows that could lead to a denial of service: remote attackers were able to trigger a crash by supplying a specially crafted image. oval:org.secpod.oval:def:602392 Daniel Gultsch discovered in Gajim, an XMPP/jabber client. Gajim didn"t verify the origin of roster update, allowing an attacker to spoof them and potentially allowing her to intercept messages. oval:org.secpod.oval:def:602357 Two vulnerabilities were fixed in radicale, a CardDAV/CalDAV server. CVE-2015-8747 The multifilesystem storage backend allows read and write access to arbitrary files . CVE-2015-8748 If an attacker is able to authenticate with a user name like `.*", he can bypass read/write limitations imposed by r ... oval:org.secpod.oval:def:602329 Two vulnerabilities were discovered in Prosody, a lightweight Jabber/XMPP server. The Common Vulnerabilities and Exposures project identifies the following issues: CVE-2016-1231 Kim Alvefur discovered a flaw in Prosody"s HTTP file-serving module that allows it to serve requests outside of the config ... oval:org.secpod.oval:def:602355 It was discovered that privoxy, a web proxy with advanced filtering capabilities, contained invalid reads that could enable a remote attacker to crash the application, thus causing a Denial of Service. oval:org.secpod.oval:def:602356 It was discovered that insecure handling of dialback keys may allow a malicious XMPP server to impersonate another server. oval:org.secpod.oval:def:602301 Takeshi Terada discovered a vulnerability in PHPMailer, a PHP library for email transfer, used by many CMSs. The library accepted email addresses and SMTP commands containing line breaks, which can be abused by an attacker to inject messages. oval:org.secpod.oval:def:602191 Several security issues have been found in the server components of the version control system subversion. CVE-2015-3184 Subversion"s mod_authz_svn does not properly restrict anonymous access in some mixed anonymous/authenticated environments when using Apache httpd 2.4. The result is that anonymous ... oval:org.secpod.oval:def:602417 A local root privilege escalation vulnerability was found in Exim, Debian"s default mail transfer agent, in configurations using the "perl_startup" option . To address the vulnerability, updated Exim versions clean the complete execution environment by default, affecting Exim and subprocesses such a ... oval:org.secpod.oval:def:602386 Jakub Palaczynski discovered that websvn, a web viewer for Subversion repositories, does not correctly sanitize user-supplied input, which allows a remote user to run reflected cross-site scripting attacks. oval:org.secpod.oval:def:602464 Several vulnerabilities were discovered in Django, a high-level Python web development framework. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2016-2512 Mark Striemer discovered that some user-supplied redirect URLs containing basic authentication credentia ... oval:org.secpod.oval:def:602409 Markus Vervier of X41 D-Sec GmbH discovered an integer overflow vulnerability in libotr, an off-the-record messaging library, in the way how the sizes of portions of incoming messages were stored. A remote attacker can exploit this flaw by sending crafted messages to an application that is using li ... oval:org.secpod.oval:def:602167 Multiple SQL injection vulnerabilities were discovered in cacti, a web interface for graphing of monitoring systems. oval:org.secpod.oval:def:602450 Several vulnerabilities were discovered in imlib2, an image manipulation library. CVE-2014-9762 A segmentation fault could occur when opening GIFs without a colormap. CVE-2014-9763 Several divisions by zero, resulting in a program crash, could occur when handling PNM files. CVE-2014-9764 A segmentat ... oval:org.secpod.oval:def:602371 Several vulnerabilities were discovered in the resolver in nginx, a small, powerful, scalable web/proxy server, leading to denial of service or, potentially, to arbitrary code execution. These only affect nginx if the "resolver" directive is used in a configuration file. oval:org.secpod.oval:def:601205 Several issues have been discovered in mumble, a low latency VoIP client. The Common Vulnerabilities and Exposures project identifies the following issues: CVE-2014-0044 It was discovered that a malformed Opus voice packet sent to a Mumble client could trigger a NULL pointer dereference or an out-of ... oval:org.secpod.oval:def:601206 Several security issues have been corrected in multiple demuxers and decoders of the libav multimedia library. The IDs mentioned above are just a portion of the security issues fixed in this update oval:org.secpod.oval:def:601201 A regression has been found on the denyhosts packages fixing CVE-2013-6890. This regression could cause an attempted breakin attempt to be missed by denyhosts, which would then fail to enforce a ban. oval:org.secpod.oval:def:601203 Florian Weimer of the Red Hat Product Security Team discovered a heap-based buffer overflow flaw in LibYAML, a fast YAML 1.1 parser and emitter library. A remote attacker could provide a YAML document with a specially-crafted tag that, when parsed by an application using libyaml, would cause the app ... oval:org.secpod.oval:def:601202 Paras Sethia discovered that libcurl, a client-side URL transfer library, would sometimes mix up multiple HTTP and HTTPS connections with NTLM authentication to the same server, sending requests for one user over the connection authenticated as a different user. oval:org.secpod.oval:def:601209 It was discovered that the Apache Commons FileUpload package for Java could enter an infinite loop while processing a multipart request with a crafted Content-Type, resulting in a denial-of-service condition. oval:org.secpod.oval:def:601208 Yves Younan and Ryan Pentney discovered that libgadu, a library for accessing the Gadu-Gadu instant messaging service, contained an integer overflow leading to a buffer overflow. Attackers which impersonate the server could crash clients and potentially execute arbitrary code. oval:org.secpod.oval:def:601229 Multiple cross-site scripting vulnerabilities have been discovered in extplorer, a web file explorer and manager using Ext JS. A remote attackers can inject arbitrary web script or HTML code via a crafted string in the URL to application.js.php, admin.php, copy_move.php, functions.php, header.php a ... oval:org.secpod.oval:def:601228 It was discovered that libssh, a tiny C SSH library, did not reset the state of the PRNG after accepting a connection. A server mode application that forks itself to handle incoming connections could see its children sharing the same PRNG state, resulting in a cryptographic weakness and possibly the ... oval:org.secpod.oval:def:601224 Florian Weimer of the Red Hat Product Security Team discovered a heap-based buffer overflow flaw in LibYAML, a fast YAML 1.1 parser and emitter library. A remote attacker could provide a YAML document with a specially-crafted tag that, when parsed by an application using libyaml, would cause the app ... oval:org.secpod.oval:def:601220 Several vulnerabilities were discovered in otrs2, the Open Ticket Request System. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2014-1471 Norihiro Tanaka reported missing challenge token checks. An attacker that managed to take over the session of a logged i ... oval:org.secpod.oval:def:601699 Bastian Blank reported a denial of service vulnerability in Email::Address, a Perl module for RFC 2822 address parsing and creation. Email::Address::parse used significant time on parsing empty quoted strings. A remote attacker able to supply specifically crafted input to an application using Email: ... oval:org.secpod.oval:def:601217 A directory traversal attack was reported against libtar, a C library for manipulating tar archives. The application does not validate the filenames inside the tar archive, allowing to extract files in arbitrary path. An attacker can craft a tar file to override files beyond the tar_extract_glob and ... oval:org.secpod.oval:def:601212 Multiple vulnerabilities have been discovered in Pidgin, a multi-protocol instant messaging client: CVE-2013-6477 Jaime Breva Ribes discovered that a remote XMPP user can trigger a crash by sending a message with a timestamp in the distant future. CVE-2013-6478 Pidgin could be crashed through overly ... oval:org.secpod.oval:def:601214 Holger Levsen discovered that parcimonie, a privacy-friendly helper to refresh a GnuPG keyring, is affected by a design problem that undermines the usefulness of this piece of software in the intended threat model. When using parcimonie with a large keyring , it would always sleep exactly ten minute ... oval:org.secpod.oval:def:601213 The security update released in DSA-2850-1 for libyaml introduced a regression in libyaml failing to parse a subset of valid yaml documents. For reference the original advisory text follows. Florian Weimer of the Red Hat Product Security Team discovered a heap-based buffer overflow flaw in LibYAML, ... oval:org.secpod.oval:def:601210 It was discovered by the Spring development team that the fix for the XML External Entity Injection in the Spring Framework was incomplete. Spring MVC"s SourceHttpMessageConverter also processed user provided XML and neither disabled XML external entities nor provided an option to disable them. So ... oval:org.secpod.oval:def:601127 Multiple security issues in systemd have been discovered by Sebastian Krahmer and Florian Weimer: Insecure interaction with DBUS could lead to the bypass of Policykit restrictions and privilege escalation or denial of service through an integer overflow in journald and missing input sanitising in th ... oval:org.secpod.oval:def:601129 A cryptographic vulnerability was discovered in the pseudo random number generator in python-crypto. In some situations, a race condition could prevent the reseeding of the generator when multiple processes are forked from the same parent. This would lead it to generate identical output on all proce ... oval:org.secpod.oval:def:601123 Markus Pieton and Vytautas Paulikas discovered that the embedded video and audio player in the TYPO3 web content management system is suspectible to cross-site-scripting. oval:org.secpod.oval:def:601126 Robert Matthews discovered that the Apache FCGID module, a FastCGI implementation for Apache HTTP Server, fails to perform adequate boundary checks on user-supplied input. This may allow a remote attacker to cause a heap-based buffer overflow, resulting in a denial of service or potentially allowing ... oval:org.secpod.oval:def:601120 Hamid Zamani discovered multiple security problems , which could lead to the execution of arbitrary code. oval:org.secpod.oval:def:601122 It was discovered that ejabberd, a Jabber/XMPP server, uses SSLv2 and weak ciphers for communication, which are considered insecure. The software offers no runtime configuration options to disable these. This update disables the use of SSLv2 and weak ciphers. The updated package for Debian 7 also c ... oval:org.secpod.oval:def:601117 A heap-based buffer overflow vulnerability was found in icedtea-web, a web browser plugin for running applets written in the Java programming language. If a user were tricked into opening a malicious website, an attacker could cause the plugin to crash or possibly execute arbitrary code as the user ... oval:org.secpod.oval:def:601116 Kingcope discovered that the mod_sftp and mod_sftp_pam modules of proftpd, a powerful modular FTP/SFTP/FTPS server, are not properly validating input, before making pool allocations. An attacker can use this flaw to conduct denial of service attacks against the system running proftpd . oval:org.secpod.oval:def:601119 John Fitzpatrick of MWR InfoSecurity discovered an authentication bypass vulnerability in torque, a PBS-derived batch processing queueing system. The torque authentication model revolves around the use of privileged ports. If a request is not made from a privileged port then it is assumed not to be ... oval:org.secpod.oval:def:601118 Several vulnerabilities have been discovered in the FreeBSD kernel that may lead to a denial of service or privilege escalation. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2013-5691 Loganaden Velvindron and Gleb Smirnoff discovered that the SIOCSIFADDR, S ... oval:org.secpod.oval:def:601112 It was discovered that PyOpenSSL, a Python wrapper around the OpenSSL library, does not properly handle certificates with NULL characters in the Subject Alternative Name field. A remote attacker in the position to obtain a certificate for "www.foo.org\0.example.com" from a CA that a SSL client trust ... oval:org.secpod.oval:def:601114 Davfs2, a filesystem client for WebDAV, calls the function system insecurely while is setuid root. This might allow a privilege escalation. oval:org.secpod.oval:def:601110 Several vulnerabilities were discovered in puppet, a centralized configuration management system. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2013-4761 The "resource_type" service could be used to make puppet load arbitrary Ruby code from puppet master"s ... oval:org.secpod.oval:def:601149 Scott Cantor discovered that curl, a file retrieval tool, would disable the CURLOPT_SSLVERIFYHOST check when the CURLOPT_SSL_VERIFYPEER setting was disabled. This would also disable ssl certificate host name checks when it should have only disabled verification of the certificate trust chain. The de ... oval:org.secpod.oval:def:601146 Several vulnerabilities have been discovered in the lighttpd web server. CVE-2013-4508 It was discovered that lighttpd uses weak ssl ciphers when SNI is enabled. This issue was solved by ensuring that stronger ssl ciphers are used when SNI is selected. CVE-2013-4559 The clang static analyzer was us ... oval:org.secpod.oval:def:601145 Matt Ezell from Oak Ridge National Labs reported a vulnerability in torque, a PBS-derived batch processing queueing system. A user could submit executable shell commands on the tail of what is passed with the -M switch for qsub. This was later passed to a pipe, making it possible for these commands ... oval:org.secpod.oval:def:601142 Multiple vulnerabilities were discovered in the dissectors for IEEE 802.15.4, NBAP, SIP and TCP, which could result in denial of service. The oldstable distribution is only affected by CVE-2013-6340. This problem has been fixed in version 1.2.11-6+squeeze13. oval:org.secpod.oval:def:601141 Cedric Krier discovered that the Tryton client does not sanitize the file extension supplied by the server when processing reports. As a result, a malicious server could send a report with a crafted file extension that causes the client to write any local file to which the user running the client ha ... oval:org.secpod.oval:def:601144 Several vulnerabilities have been found in SPIP, a website engine for publishing, resulting in cross-site request forgery on logout, cross-site scripting on author page, and PHP injection. oval:org.secpod.oval:def:601143 Several security issues have been corrected in multiple demuxers and decoders of the libav multimedia library. The CVE IDs mentioned above are just a small portion of the security issues fixed in this update oval:org.secpod.oval:def:601140 A flaw was found in the way the Mozilla Network Security Service library read uninitialized data when there was a decryption failure. A remote attacker could use this flaw to cause a denial of service for applications linked with the nss library. The oldstable distribution is not affected by this ... oval:org.secpod.oval:def:601139 A vulnerability has been found in the ASN.1 parser of strongSwan, an IKE daemon used to establish IPsec protected links. By sending a crafted ID_DER_ASN1_DN ID payload to a vulnerable pluto or charon daemon, a malicious remote user can provoke a denial of service or an authorization bypass . oval:org.secpod.oval:def:601136 It was discovered that roundcube, a skinnable AJAX based webmail solution for IMAP servers, does not properly sanitize the _session parameter in steps/utils/save_pref.inc during saving preferences. The vulnerability can be exploited to overwrite configuration settings and subsequently allowing rando ... oval:org.secpod.oval:def:601131 Multiple security issues have been discovered in PolarSSL, a lightweight crypto and SSL/TLS library: CVE-2013-4623 Jack Lloyd discovered a denial of service vulnerability in the parsing of PEM-encoded certificates. CVE-2013-5914 Paul Brodeur and TrustInSoft discovered a buffer overflow in the ssl_re ... oval:org.secpod.oval:def:601167 Christoph Biedl discovered two denial of service vulnerabilities in munin, a network-wide graphing framework. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2013-6048 The Munin::Master::Node module of munin does not properly validate certain data a node sends ... oval:org.secpod.oval:def:601166 A denial of service vulnerability was reported in varnish, a state of the art, high-performance web accelerator. With some configurations of varnish a remote attacker could mount a denial of service via a GET request with trailing whitespace characters and no URI. oval:org.secpod.oval:def:601160 Several vulnerabilities have been discovered in OpenJPEG, a JPEG 2000 image library, that may lead to denial of service via application crash or high memory consumption, possible code execution through heap buffer overflows , information disclosure , or yet another heap buffer overflow that only ap ... oval:org.secpod.oval:def:601162 Charlie Somerville discovered that Ruby incorrectly handled floating point number conversion. If an application using Ruby accepted untrusted input strings and converted them to floating point numbers, an attacker able to provide such input could cause the application to crash or, possibly, execute ... oval:org.secpod.oval:def:601157 Multiple vulnerabilities were discovered in Quagga, a BGP/OSPF/RIP routing daemon: CVE-2013-2236 A buffer overflow was found in the OSPF API-server . CVE-2013-6051 bgpd could be crashed through BGP updates. This only affects Wheezy/stable. oval:org.secpod.oval:def:601156 Multiple vulnerabilities have been discovered in Drupal, a fully-featured content management framework: Cross-site request forgery, insecure pseudo random number generation, code execution, incorrect security token validation and cross-site scripting. In order to avoid the remote code execution vuln ... oval:org.secpod.oval:def:601159 joernchen of Phenoelit discovered two command injection flaws in Sup, a console-based email client. An attacker might execute arbitrary command if the user opens a maliciously crafted email. CVE-2013-4478 Sup wrongly handled the filename of attachments. CVE-2013-4479 Sup did not sanitize the content ... oval:org.secpod.oval:def:601152 It was discovered that nbd-server, the server for the Network Block Device protocol, did incorrect parsing of the access control lists, allowing access to any hosts with an IP address sharing a prefix with an allowed address. oval:org.secpod.oval:def:601155 Mikulas Patocka discovered an integer overflow in the parsing of HTML tables in the Links web browser. This can only be exploited when running Links in graphical mode. oval:org.secpod.oval:def:601154 Ivan Fratric of the Google Security Team discovered a bug in nginx, a web server, which might allow an attacker to bypass security restrictions by using a specially crafted request. The oldstable distribution is not affected by this problem. oval:org.secpod.oval:def:601151 The update for curl in DSA-2798-1 uncovered a regression affecting the curl command line tool behaviour . This update disables host verification too when using the --insecure option. For the oldstable distribution , this problem has been fixed in version 7.21.0-2.1+squeeze6. For the stable distribut ... oval:org.secpod.oval:def:601150 It was discovered discovered that SSL connections with client certificates stopped working after the DSA-2795-1 update of lighttpd. An upstream patch has now been applied that provides an appropriate identifier for client certificate verification. oval:org.secpod.oval:def:601189 Multiple vulnerabilities have been found in memcached, a high-performance memory object caching system. The Common Vulnerabilities and Exposures project identifies the following issues: CVE-2011-4971 Stefan Bucur reported that memcached could be caused to crash by sending a specially crafted packet. ... oval:org.secpod.oval:def:601186 Multiple security issues have been fixed in OpenSSL: The TLS 1.2 support was susceptible to denial of service and retransmission of DTLS messages was fixed. In addition this updates disables the insecure Dual_EC_DRBG algorithm and no longer uses the RdRand feature available on some Intel CPUs as a ... oval:org.secpod.oval:def:601185 Several vulnerabilities have been discovered in uscan, a tool to scan upstream sits for new releases of packages, which is part of the devscripts package. An attacker controlling a website from which uscan would attempt to download a source tarball could execute arbitrary code with the privileges of ... oval:org.secpod.oval:def:601187 Anton Johannson discovered that an invalid TLS handshake package could crash OpenSSL with a NULL pointer dereference. The oldstable distribution is not affected. oval:org.secpod.oval:def:601181 An unsafe use of temporary files was discovered in Puppet, a tool for centralized configuration management. An attacker can exploit this vulnerability and overwrite an arbitrary file in the system. oval:org.secpod.oval:def:601184 Jan Juergens discovered a buffer overflow in the parser for SMS messages in Asterisk. In stable and oldstable this option is disabled by default. To enable it add the following line to the section "[options]" in /etc/asterisk/asterisk.conf live_dangerously = no oval:org.secpod.oval:def:601183 Several vulnerabilities were discovered in TYPO3, a content management system. This update addresses cross-site scripting, information disclosure, mass assignment, open redirection and insecure unserialize vulnerabilities and corresponds to TYPO3-CORE-SA-2013-004. oval:org.secpod.oval:def:601175 Marc Deslauriers discovered that curl, a file retrieval tool, would mistakenly skip verifying the CN and SAN name fields when digital signature verification was disabled in the libcurl GnuTLS backend. The default configuration for the curl package is not affected by this issue since the digital sign ... oval:org.secpod.oval:def:601177 It was discovered that Apache Commons FileUpload, a package to make it easy to add robust, high-performance, file upload capability to servlets and web applications, incorrectly handled file names with NULL bytes in serialized instances. A remote attacker able to supply a serialized instance of the ... oval:org.secpod.oval:def:601170 It was discovered that NSPR, Netscape Portable Runtime library, could crash an application using the library when parsing a certificate that causes an integer overflow. This flaw only affects 64-bit systems. oval:org.secpod.oval:def:601173 Helmut Grohne discovered that denyhosts, a tool preventing SSH brute-force attacks, could be used to perform remote denial of service against the SSH daemon. Incorrectly specified regular expressions used to detect brute force attacks in authentication logs could be exploited by a malicious user to ... oval:org.secpod.oval:def:601172 Laurent Butti and Garming Sam discored multiple vulnerabilities in the dissectors for NTLMSSPv2 and BSSGP, which could lead to denial of service or the execution of arbitrary code. oval:org.secpod.oval:def:601191 A cross-site scripting vulnerability was discovered in the rich text editor of the Movable Type blogging engine. oval:org.secpod.oval:def:601196 Multiple vulnerabilities have been discovered in Drupal, a fully-featured content management framework. The Common Vulnerabilities and Exposures project identifies the following issues: CVE-2014-1475 Christian Mainka and Vladislav Mladenov reported a vulnerability in the OpenID module that allows a ... oval:org.secpod.oval:def:601199 The fix for CVE-2013-4969 contained a regression affecting the default file mode if none is specified on a file resource. The oldstable distribution is not affected by this regression. For the stable distribution , this problem has been fixed in version 2.7.23-1~deb7u3. For the testing distribution ... oval:org.secpod.oval:def:601198 Multiple security issues have been found in Libvirt, a virtualisation abstraction library: CVE-2013-6458 It was discovered that insecure job usage could lead to denial of service against libvirtd. CVE-2014-1447 It was discovered that a race condition in keepalive handling could lead to denial of ser ... oval:org.secpod.oval:def:601192 Fernando Russ from Groundworks Technologies reported a buffer overflow flaw in srtp, Cisco"s reference implementation of the Secure Real-time Transport Protocol , in how the crypto_policy_set_from_profile_for_rtp function applies cryptographic profiles to an srtp_policy. A remote attacker could expl ... oval:org.secpod.oval:def:601195 Alvaro Munoz discovered a XML External Entity injection in the Spring Framework which can be used for conducting CSRF and DoS attacks on other sites. The Spring OXM wrapper did not expose any property for disabling entity resolution when using the JAXB unmarshaller. There are four possible source i ... oval:org.secpod.oval:def:601194 Two buffer overflow vulnerabilities were reported in Graphviz, a rich collection of graph drawing tools. The Common Vulnerabilities and Exposures project identifies the following issues: CVE-2014-0978 It was discovered that user-supplied input used in the yyerror function in lib/cgraph/scan.l is not ... oval:org.secpod.oval:def:601702 Jean-Rene Reinhard, Olivier Levillain and Florian Maury reported that GnuPG, the GNU Privacy Guard, did not properly parse certain garbled compressed data packets. A remote attacker could use this flaw to mount a denial of service against GnuPG by triggering an infinite loop. oval:org.secpod.oval:def:601701 Multiple security issues have been found in Cacti, a web frontend for RRDTool. oval:org.secpod.oval:def:601708 A flaw was discovered in PolarSSL, a lightweight crypto and SSL/TLS library, which can be exploited by a remote unauthenticated attacker to mount a denial of service against PolarSSL servers that offer GCM ciphersuites. Potentially clients are affected too if a malicious server decides to execute th ... oval:org.secpod.oval:def:601703 Jean-René Reinhard, Olivier Levillain and Florian Maury reported that GnuPG, the GNU Privacy Guard, did not properly parse certain garbled compressed data packets. A remote attacker could use this flaw to mount a denial of service against GnuPG by triggering an infinite loop. oval:org.secpod.oval:def:601706 Multiple buffer overflows have been found in the VideoLAN media player. Processing malformed subtitles or movie files could lead to denial of service and potentially the execution of arbitrary code. oval:org.secpod.oval:def:601721 Martin Holst Swende discovered a flaw in the way chunked requests are handled in ModSecurity, an Apache module whose purpose is to tighten the Web application security. A remote attacker could use this flaw to bypass intended mod_security restrictions by using chunked transfer coding with a capitali ... oval:org.secpod.oval:def:601726 Ben Hawkes discovered that incorrect handling of peer messages in the Transmission bittorrent client could result in denial of service or the execution of arbitrary code. oval:org.secpod.oval:def:601727 CESG discovered a root escalation flaw in the acpi-support package. An unprivileged user can inject the DBUS_SESSION_BUS_ADDRESS environment variable to run arbitrary commands as root user via the policy-funcs script. oval:org.secpod.oval:def:601711 Multiple security issues have been discovered in the Drupal content management system, ranging from denial of service to cross-site scripting. More information can be found at https://www.drupal.org/SA-CORE-2014-003 oval:org.secpod.oval:def:601710 Two vulnerabilities were discovered in Fail2ban, a solution to ban hosts that cause multiple authentication errors. When using Fail2ban to monitor Postfix or Cyrus IMAP logs, improper input validation in log parsing could enable a remote attacker to trigger an IP ban on arbitrary addresses, resultin ... oval:org.secpod.oval:def:601713 Don A. Baley discovered an integer overflow in the lzo compression handler which could result in the execution of arbitrary code. oval:org.secpod.oval:def:601712 Daniel P. Berrange discovered a denial of service vulnerability in libxml2 entity substitution. oval:org.secpod.oval:def:601715 Sean Griffin discovered two vulnerabilities in the PostgreSQL adapter for Active Record which could lead to SQL injection. oval:org.secpod.oval:def:601714 Several vulnerabilities have been discovered in phpMyAdmin, a tool to administer MySQL over the web. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2013-4995 Authenticatd users could inject arbitrary web script or HTML via a crafted SQL query. CVE-2013-4996 C ... oval:org.secpod.oval:def:601716 The update released for davfs2 in DSA 2765 had a version number for Debian 7 "wheezy" that sorts lower than the version in Debian 6 "squeeze", causing problems on upgrades. This update makes a package of davfs2 in wheezy available which corrects only the version number. For refer ... oval:org.secpod.oval:def:601744 A denial of service vulnerability was discovered in Drupal, a fully-featured content management framework. A remote attacker could exploit this flaw to cause CPU and memory exhaustion and the site"s database to reach the maximum number of open connections, leading to the site becoming unavailable or ... oval:org.secpod.oval:def:601745 It was discovered that the acpi-support update for DSA-2984-1 would make a laptop"s power button forcibly shut the system down, instead of triggering the configured action . This only affects systems using the gnome-settings-daemon. For reference, the original advisory follows. CESG discovered a roo ... oval:org.secpod.oval:def:601740 Several issues have been discovered in Tor, a connection-based low-latency anonymous communication system, resulting in information leaks. o Relay-early cells could be used by colluding relays on the network to tag user circuits and so deploy traffic confirmation attacks [CVE-2014-5117]. The updated ... oval:org.secpod.oval:def:601742 Sebastian Krahmer discovered that Kauth used Policykit insecurely by relying on the process ID. This could result in privilege escalation. oval:org.secpod.oval:def:601748 Multiple vulnerabilities were discovered in the dissectors for Catapult DCT2000, IrDA, GSM Management, RLC ASN.1 BER, which could result in denial of service. oval:org.secpod.oval:def:601747 Multiple security issues have been discovered in Wordpress, a web blogging tool, resulting in denial of service or information disclosure. More information can be found in the upstream advisory at https://wordpress.org/news/2014/08/wordpress-3-9-2/ oval:org.secpod.oval:def:601749 Jakub Wilk discovered a remote command execution flaw in reportbug, a tool to report bugs in the Debian distribution. A man-in-the-middle attacker could put shell metacharacters in the version number allowing arbitrary code execution with the privileges of the user running reportbug. oval:org.secpod.oval:def:601738 Don A. Bailey from Lab Mouse Security discovered an integer overflow flaw in the way the lzo library decompressed certain archives compressed with the LZO algorithm. An attacker could create a specially crafted LZO-compressed input that, when decompressed by an application using the lzo library, wou ... oval:org.secpod.oval:def:601762 It was discovered that MediaWiki, a website engine for collaborative work, is vulnerable to JSONP injection in Flash and clickjacking between OutputPage and ParserOutput . The vulnerabilities are addressed by upgrading MediaWiki to the new upstream version 1.19.18, which includes additional changes. oval:org.secpod.oval:def:601763 Several vulnerabilities were discovered in Django, a high-level Python web development framework. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2014-0480 Florian Apolloner discovered that in certain situations, URL reversing could generate scheme-relative UR ... oval:org.secpod.oval:def:601760 Nikolaus Rath discovered that s3ql, a file system for online data storage, used the pickle functionality of the Python programming language in an unsafe way. As a result, a malicious storage backend or man-in-the-middle attacker was able execute arbitrary code. oval:org.secpod.oval:def:601757 Andrew Drake discovered that missing input sanitising in the icns decoder of the Python Imaging Library could result in denial of service if a malformed image is processed. oval:org.secpod.oval:def:601752 Several security issues have been corrected in multiple demuxers and decoders of the libav multimedia library oval:org.secpod.oval:def:601758 Multiple security issues have been discovered in Cacti, a web interface for graphing of monitoring systems. oval:org.secpod.oval:def:601788 It was discovered that MediaWiki, a wiki engine, did not sufficiently filter CSS in uploaded SVG files, allowing for cross site scripting. oval:org.secpod.oval:def:601780 Several security issues have been corrected in multiple demuxers and decoders of the libav multimedia library oval:org.secpod.oval:def:601782 Antoine Delignat-Lavaud and Karthikeyan Bhargavan discovered that it was possible to reuse cached SSL sessions in unrelated contexts, allowing virtual host confusion attacks in some configurations by an attacker in a privileged network position. oval:org.secpod.oval:def:601781 Multiple SQL injection vulnerabilities have been discovered in the Mantis bug tracking system. oval:org.secpod.oval:def:601776 It was discovered that APT, the high level package manager, does not properly invalidate unauthenticated data , performs incorrect verification of 304 replies , does not perform the checksum check when the Acquire::GzipIndexes option is used and does not properly perform validation for binary packa ... oval:org.secpod.oval:def:601779 The previous update for apt, DSA-3025-1, introduced a regression when file:/// sources are used and those are on a different partition than the apt state directory. This update fixes the regression. For reference, the original advisory follows. It was discovered that APT, the high level package mana ... oval:org.secpod.oval:def:601773 Genkin, Pipman and Tromer discovered a side-channel attack on Elgamal encryption subkeys . In addition, this update hardens GnuPG"s behaviour when treating keyserver responses; GnuPG now filters keyserver responses to only accepts those keyid"s actually requested by the user. oval:org.secpod.oval:def:601772 During a review for EDF, Raphael Geissert discovered that the acpi-support package did not properly handle data obtained from a user"s environment. This could lead to program malfunction or allow a local user to escalate privileges to the root user due to a programming error. oval:org.secpod.oval:def:601775 Two vulnerabilities have been discovered in cURL, an URL transfer library. They can be use to leak cookie information: CVE-2014-3613 By not detecting and rejecting domain names for partial literal IP addresses properly when parsing received HTTP cookies, libcurl can be fooled to both sending cookies ... oval:org.secpod.oval:def:601799 Stefano Zacchiroli discovered a vulnerability in exuberant-ctags, a tool to build tag file indexes of source code definitions: Certain JavaScript files cause ctags to enter an infinite loop until it runs out of disk space, resulting in denial of service. oval:org.secpod.oval:def:601797 Multiple security issues have been discovered in the Xen virtualisation solution which may result in denial of service, information disclosure or privilege escalation. oval:org.secpod.oval:def:601796 It was reported that MediaWiki, a website engine for collaborative work, allowed to load user-created CSS on pages where user-created JavaScript is not allowed. A wiki user could be tricked into performing actions by manipulating the interface from CSS, or JavaScript code being executed from CSS, on ... oval:org.secpod.oval:def:601792 Guillem Jover discovered that the changelog retrieval functionality in apt-get used temporary files in an insecure way, allowing a local user to cause arbitrary files to be overwritten. This vulnerability is neutralized by the fs.protected_symlinks setting in the Linux kernel, which is enabled by de ... oval:org.secpod.oval:def:601106 Several vulnerabilities were identified in Wordpress, a web blogging tool. As the CVEs were allocated from releases announcements and specific fixes are usually not identified, it has been decided to upgrade the Wordpress package to the latest upstream version instead of backporting the patches. Thi ... oval:org.secpod.oval:def:601105 Multiple vulnerabilities were discovered in the dissectors for LDAP, RTPS and NBAP and in the Netmon file parser, which could result in denial of service or the execution of arbitrary code. oval:org.secpod.oval:def:601107 It was discovered that python-django, a high-level Python web develompent framework, is prone to a denial of service vulnerability via large passwords. A non-authenticated remote attacker could mount a denial of service by submitting arbitrarily large passwords, tying up server resources in the expe ... oval:org.secpod.oval:def:601102 It was discovered that exactimage, a fast image processing library, does not correctly handle error conditions of the embedded copy of dcraw. This could result in a crash or other behaviour in an application using the library due to an uninitialized variable being passed to longjmp. This is a differ ... oval:org.secpod.oval:def:601101 Andreas Beckmann discovered that phpBB, a web forum, as installed in Debian, sets incorrect permissions for cached files, allowing a malicious local user to overwrite them. oval:org.secpod.oval:def:601104 It was discovered that in Mediawiki, a wiki engine, several API modules allowed anti-CSRF tokens to be accessed via JSONP. These tokens protect against cross site request forgeries and are confidential. oval:org.secpod.oval:def:601103 Rainer Koirikivi discovered a directory traversal vulnerability with "ssi" template tags in python-django, a high-level Python web development framework. It was shown that the handling of the "ALLOWED_INCLUDE_ROOTS" setting, used to represent allowed prefixes for the {% ssi %} template tag, is vulne ... oval:org.secpod.oval:def:601109 Florian Weimer discovered two security problems in the Chrony time synchronisation software . oval:org.secpod.oval:def:601100 Several vulnerabilities have been discovered in libmodplug, a library for mod music based on ModPlug, that might allow arbitrary code execution when processing specially-crafted ABC files through applications using the library, such as media players. oval:org.secpod.oval:def:601248 In the Mediawiki update issued as DSA 2891-1, a few files were missing from the package. This update corrects that problem. For reference, the original advisory text follows. Several vulnerabilities were discovered in MediaWiki, a wiki engine. The Common Vulnerabilities and Exposures project describ ... oval:org.secpod.oval:def:601244 Several vulnerabilities have been found in a2ps, an "Anything to PostScript" converter and pretty-printer. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2001-1593 The spy_user function which is called when a2ps is invoked with the --debug flag insecurely use ... oval:org.secpod.oval:def:601247 An SQL injection vulnerability was discovered in postfixadmin, a web administration interface for the Postfix Mail Transport Agent, which allowed authenticated users to make arbitrary manipulations to the database. The oldstable distribution does not contain postfixadmin. oval:org.secpod.oval:def:601240 Ivan Fratric of the Google Security Team discovered a heap-based buffer overflow vulnerability in LibYAML, a fast YAML 1.1 parser and emitter library. A remote attacker could provide a specially-crafted YAML document that, when parsed by an application using libyaml, would cause the application to c ... oval:org.secpod.oval:def:601242 Ivan Fratric of the Google Security Team discovered a heap-based buffer overflow vulnerability in LibYAML, a fast YAML 1.1 parser and emitter library. A remote attacker could provide a specially-crafted YAML document that, when parsed by an application using libyaml, would cause the application to c ... oval:org.secpod.oval:def:601233 Florian Weimer of the Red Hat Product Security Team discovered multiple vulnerabilities in the pdftoopvp CUPS filter, which could result in the execution of aribitrary code if a malformed PDF file is processed. oval:org.secpod.oval:def:601236 It was discovered that the recent file update, DSA-2873-1, introduced a regression in the recognition of Perl scripts containing BEGIN code blocks. oval:org.secpod.oval:def:601235 Matthew Daley discovered multiple vulnerabilities in VirtualBox, a x86 virtualisation solution, resulting in denial of service, privilege escalation and an information leak. oval:org.secpod.oval:def:601230 Beatrice Torracca and Evgeni Golov discovered a buffer overflow in the mutt mailreader. Malformed RFC2047 header lines could result in denial of service or potentially the execution of arbitrary code. oval:org.secpod.oval:def:601232 Several vulnerabilities were discovered in the lighttpd web server. CVE-2014-2323 Jann Horn discovered that specially crafted host names can be used to inject arbitrary MySQL queries in lighttpd servers using the MySQL virtual hosting module . This only affects installations with the lighttpd-mod-my ... oval:org.secpod.oval:def:601028 Ilja van Sprundel of IOActive discovered several security issues in multiple components of the X.org graphics stack and the related libraries: Various integer overflows, sign handling errors in integer conversions, buffer overflows, memory corruption and missing input sanitising may lead to privileg ... oval:org.secpod.oval:def:41911 Vulnerability in Apache Struts allows a remote attacker to execute arbitrary code on any server running an application built using the Struts framework and the popular REST communication plugin. The weakness is caused by the way Struts deserializes untrusted data oval:org.secpod.oval:def:601025 Ilja van Sprundel of IOActive discovered several security issues in multiple components of the X.org graphics stack and the related libraries: Various integer overflows, sign handling errors in integer conversions, buffer overflows, memory corruption and missing input sanitising may lead to privileg ... oval:org.secpod.oval:def:601267 The update for prosody in DSA 2895 caused a regression when a client logins with the compression functionality activated. This update corrects that problem. For reference, the original advisory text follows. A denial-of-service vulnerability has been reported in Prosody, a XMPP server. If compressio ... oval:org.secpod.oval:def:601024 Ilja van Sprundel of IOActive discovered several security issues in multiple components of the X.org graphics stack and the related libraries: Various integer overflows, sign handling errors in integer conversions, buffer overflows, memory corruption and missing input sanitising may lead to privileg ... oval:org.secpod.oval:def:601026 Ilja van Sprundel of IOActive discovered several security issues in multiple components of the X.org graphics stack and the related libraries: Various integer overflows, sign handling errors in integer conversions, buffer overflows, memory corruption and missing input sanitising may lead to privileg ... oval:org.secpod.oval:def:601263 Michael S. Tsirkin of Red Hat discovered a buffer overflow flaw in the way qemu processed MAC addresses table update requests from the guest. A privileged guest user could use this flaw to corrupt qemu process memory on the host, which could potentially result in arbitrary code execution on the host ... oval:org.secpod.oval:def:601020 Ilja van Sprundel of IOActive discovered several security issues in multiple components of the X.org graphics stack and the related libraries: Various integer overflows, sign handling errors in integer conversions, buffer overflows, memory corruption and missing input sanitising may lead to privileg ... oval:org.secpod.oval:def:601262 Several vulnerabilities were discovered in Wordpress, a web blogging tool. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2014-0165 A user with a contributor role, using a specially crafted request, can publish posts, which is reserved for users of the next-h ... oval:org.secpod.oval:def:601023 Ilja van Sprundel of IOActive discovered several security issues in multiple components of the X.org graphics stack and the related libraries: Various integer overflows, sign handling errors in integer conversions, buffer overflows, memory corruption and missing input sanitising may lead to privileg ... oval:org.secpod.oval:def:601265 An authentication bypass vulnerability was found in charon, the daemon handling IKEv2 in strongSwan, an IKE/IPsec suite. The state machine handling the security association handled some state transitions incorrectly. An attacker can trigger the vulnerability by rekeying an unestablished IKE_SA duri ... oval:org.secpod.oval:def:601022 Ilja van Sprundel of IOActive discovered several security issues in multiple components of the X.org graphics stack and the related libraries: Various integer overflows, sign handling errors in integer conversions, buffer overflows, memory corruption and missing input sanitising may lead to privileg ... oval:org.secpod.oval:def:601264 Francisco Falcon discovered that missing input sanisiting in the 3D acceleration code in VirtualBox could lead to the execution of arbitrary code on the host system. oval:org.secpod.oval:def:601261 Two vulnerabilities have been discovered in cURL, an URL transfer library. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2014-0138 Steve Holme discovered that libcurl can in some circumstances re-use the wrong connection when asked to do transfers using othe ... oval:org.secpod.oval:def:601260 Florian Weimer of the Red Hat product security team discovered multiple buffer overflows in jbigkit, which could lead to the execution of arbitrary code when processing malformed images. oval:org.secpod.oval:def:601018 Adam Nowacki discovered that the new FreeBSD NFS implementation processes a crafted READDIR request which instructs to operate a file system on a file node as if it were a directory node, leading to a kernel crash or potentially arbitrary code execution. The kfreebsd-8 kernel in the oldstable distri ... oval:org.secpod.oval:def:601017 Multiple vulnerabilities have been discovered in Request Tracker, an extensible trouble-ticket tracking system. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2012-4733 A user with the ModifyTicket right can bypass the DeleteTicket right or any custom lifecyc ... oval:org.secpod.oval:def:601019 Ilja van Sprundel of IOActive discovered several security issues in multiple components of the X.org graphics stack and the related libraries: Various integer overflows, sign handling errors in integer conversions, buffer overflows, memory corruption and missing input sanitising may lead to privileg ... oval:org.secpod.oval:def:601013 Multiple vulnerabilities have been discovered in the Xen hypervisor. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2013-1918 Several long latency operations are not preemptible Some page table manipulation operations for PV guests were not made preemptible, ... oval:org.secpod.oval:def:601258 Multiple security issues were found in the Tomcat servlet and JSP engine: CVE-2013-2067 FORM authentication associates the most recent request requiring authentication with the current session. By repeatedly sending a request for an authenticated resource while the victim is completing the login for ... oval:org.secpod.oval:def:601257 Several buffer overflows were found in Imagemagick, a suite of image manipulation programs. Processing malformed PSD files could lead to the execution of arbitrary code. oval:org.secpod.oval:def:601251 The Mediawiki update issued as DSA 2891-1 caused regressions. This update fixes those problems. For reference the original advisory text follows. Several vulnerabilities were discovered in MediaWiki, a wiki engine. The Common Vulnerabilities and Exposures project describers the followin issues: CVE- ... oval:org.secpod.oval:def:601012 Debian 7.x is installed oval:org.secpod.oval:def:601011 Several issues have been discovered in the MySQL database server. The vulnerabilities are addressed by upgrading MySQL to a new upstream version, 5.5.31, which includes additional changes, such as performance improvements and corrections for data loss defects. oval:org.secpod.oval:def:601250 Two vulnerabilities were discovered in libspring-java, the Debian package for the Java Spring framework. CVE-2014-0054 Jaxb2RootElementHttpMessageConverter in Spring MVC processes external XML entities. CVE-2014-1904 Spring MVC introduces a cross-site scripting vulnerability if the action on a Sprin ... oval:org.secpod.oval:def:601048 Maksim Otstavnov discovered that the Wocky submodule used by telepathy-gabble, the Jabber/XMPP connection manager for the Telepathy framework, does not respect the tls-required flag on legacy Jabber servers. A network intermediary could use this vulnerability to bypass TLS verification and perform a ... oval:org.secpod.oval:def:601287 Michael Niedermayer discovered a vulnerability in xbuffy, an utility for displaying message count in mailbox and newsgroup accounts. By sending carefully crafted messages to a mail or news account monitored by xbuffy, an attacker can trigger a stack-based buffer overflow, leading to xbuffy crash or ... oval:org.secpod.oval:def:601044 A vulnerability has been discovered in the Open Ticket Request System, which can be exploited by malicious users to disclose potentially sensitive information. An attacker with a valid agent login could manipulate URLs in the ticket split mechanism to see contents of tickets and they are not permitt ... oval:org.secpod.oval:def:601041 A privilege escalation vulnerability has been found in SPIP, a website engine for publishing, which allows anyone to take control of the website. oval:org.secpod.oval:def:601283 A vulnerability has been found in the ASN.1 parser of strongSwan, an IKE/IPsec suite used to establish IPsec protected links. By sending a crafted ID_DER_ASN1_DN ID payload to a vulnerable pluto or charon daemon, a malicious remote user can provoke a null pointer dereference in the daemon parsing th ... oval:org.secpod.oval:def:601040 A regression was discovered in the security update for libxvmc, causing segfaults with some applications. Updated packages are available to address this problem. For reference, the original advisory text follows. Ilja van Sprundel of IOActive discovered several security issues in multiple components ... oval:org.secpod.oval:def:601039 Ilja van Sprundel of IOActive discovered several security issues in multiple components of the X.org graphics stack and the related libraries: Various integer overflows, sign handling errors in integer conversions, buffer overflows, memory corruption and missing input sanitising may lead to privileg ... oval:org.secpod.oval:def:601036 Ilja van Sprundel of IOActive discovered several security issues in multiple components of the X.org graphics stack and the related libraries: Various integer overflows, sign handling errors in integer conversions, buffer overflows, memory corruption and missing input sanitising may lead to privileg ... oval:org.secpod.oval:def:601278 Alex Chapman discovered that a buffer overflow in processing "MMS over HTTP" messages could result in the execution of arbitrary code. oval:org.secpod.oval:def:601035 Ilja van Sprundel of IOActive discovered several security issues in multiple components of the X.org graphics stack and the related libraries: Various integer overflows, sign handling errors in integer conversions, buffer overflows, memory corruption and missing input sanitising may lead to privileg ... oval:org.secpod.oval:def:601277 Jakub Wilk discovered that dpkg did not correctly parse C-style filename quoting, allowing for paths to be traversed when unpacking a source package - leading to the creation of files outside the directory of the source being unpacked. The update to the stable distribution incorporates non-security ... oval:org.secpod.oval:def:601038 Ilja van Sprundel of IOActive discovered several security issues in multiple components of the X.org graphics stack and the related libraries: Various integer overflows, sign handling errors in integer conversions, buffer overflows, memory corruption and missing input sanitising may lead to privileg ... oval:org.secpod.oval:def:601037 Ilja van Sprundel of IOActive discovered several security issues in multiple components of the X.org graphics stack and the related libraries: Various integer overflows, sign handling errors in integer conversions, buffer overflows, memory corruption and missing input sanitising may lead to privileg ... oval:org.secpod.oval:def:601279 John Lightsey of the Debian Security Audit project discovered that the super package did not check for setuid failures, allowing local users to increase the privileges on kernel versions which do not guard against RLIMIT_NPROC attacks. oval:org.secpod.oval:def:601032 Ilja van Sprundel of IOActive discovered several security issues in multiple components of the X.org graphics stack and the related libraries: Various integer overflows, sign handling errors in integer conversions, buffer overflows, memory corruption and missing input sanitising may lead to privileg ... oval:org.secpod.oval:def:601031 Ilja van Sprundel of IOActive discovered several security issues in multiple components of the X.org graphics stack and the related libraries: Various integer overflows, sign handling errors in integer conversions, buffer overflows, memory corruption and missing input sanitising may lead to privileg ... oval:org.secpod.oval:def:601034 Ilja van Sprundel of IOActive discovered several security issues in multiple components of the X.org graphics stack and the related libraries: Various integer overflows, sign handling errors in integer conversions, buffer overflows, memory corruption and missing input sanitising may lead to privileg ... oval:org.secpod.oval:def:601033 Ilja van Sprundel of IOActive discovered several security issues in multiple components of the X.org graphics stack and the related libraries: Various integer overflows, sign handling errors in integer conversions, buffer overflows, memory corruption and missing input sanitising may lead to privileg ... oval:org.secpod.oval:def:601275 An information disclosure vulnerability was discovered in Drupal, a fully-featured content management framework. When pages are cached for anonymous users, form state may leak between anonymous users. Sensitive or private information recorded for one anonymous user could thus be disclosed to other u ... oval:org.secpod.oval:def:601030 Ilja van Sprundel of IOActive discovered several security issues in multiple components of the X.org graphics stack and the related libraries: Various integer overflows, sign handling errors in integer conversions, buffer overflows, memory corruption and missing input sanitising may lead to privileg ... oval:org.secpod.oval:def:601272 Michael S. Tsirkin of Red Hat discovered a buffer overflow flaw in the way qemu processed MAC addresses table update requests from the guest. A privileged guest user could use this flaw to corrupt qemu process memory on the host, which could potentially result in arbitrary code execution on the host ... oval:org.secpod.oval:def:601271 The update for wordpress in DSA 2901 caused a regression in the Quick Drafts functionality. This update corrects that problem. For reference, the original advisory text follows. Several vulnerabilities were discovered in Wordpress, a web blogging tool. The Common Vulnerabilities and Exposures projec ... oval:org.secpod.oval:def:601068 A buffer overflow has been identified in nginx, a small, powerful, scalable web/proxy server, when processing certain chunked transfer encoding requests if proxy_pass to untrusted upstream HTTP servers is used. An attacker may use this flaw to perform denial of service attacks, disclose worker proce ... oval:org.secpod.oval:def:601066 Several vulnerabilities were identified in Wordpress, a web blogging tool. As the CVEs were allocated from releases announcements and specific fixes are usually not identified, it has been decided to upgrade the Wordpress package to the latest upstream version instead of backporting the patches. Thi ... oval:org.secpod.oval:def:601060 It was discovered that users with a valid agent login could use crafted URLs to bypass access control restrictions and read tickets to which they should not have access. The oldstable distribution is not affected by this problem. oval:org.secpod.oval:def:601063 It was discovered that puppet, a centralized configuration management system, did not correctly handle YAML payloads. A remote attacker could use a specially-crafted payload to execute arbitrary code on the puppet master. oval:org.secpod.oval:def:601062 Konstantin Belousov and Alan Cox discovered that insufficient permission checks in the memory management of the FreeBSD kernel could lead to privilege escalation. oval:org.secpod.oval:def:601057 James Forshaw from Context Information Security discovered several vulnerabilities in xml-security-c, an implementation of the XML Digital Security specification. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2013-2153 The implementation of XML digital signa ... oval:org.secpod.oval:def:601054 Krzysztof Katowicz-Kowalewski discovered a vulnerability in fail2ban, a log monitoring and system which can act on attack by preventing hosts to connect to specified services using the local firewall. When using fail2ban to monitor Apache logs, improper input validation in log parsing could enable a ... oval:org.secpod.oval:def:601080 It was discovered that otrs2, the Open Ticket Request System, does not properly sanitise user-supplied data that is used on SQL queries. An attacker with a valid agent login could exploit this issue to craft SQL queries by injecting arbitrary SQL code through manipulated URLs. oval:org.secpod.oval:def:601087 Two security issues were found in Cacti, a web interface for graphing of monitoring systems. oval:org.secpod.oval:def:601088 Nick Brunn reported a possible cross-site scripting vulnerability in python-django, a high-level Python web development framework. The is_safe_url utility function used to validate that a used URL is on the current host to avoid potentially dangerous redirects from maliciously-constructed querystrin ... oval:org.secpod.oval:def:601084 Several vulnerabilities where discovered in PuTTY, a Telnet/SSH client for X. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2013-4206 Mark Wooding discovered a heap-corrupting buffer underrun bug in the modmul function which performs modular multiplication. ... oval:org.secpod.oval:def:601075 A buffer overflow has been discovered in the Radius extension for PHP. The function handling Vendor Specific Attributes assumed that the attributes given would always be of valid length. An attacker could use this assumption to trigger a buffer overflow. oval:org.secpod.oval:def:601077 OpenAFS, the implementation of the distributed filesystem AFS, has been updated to no longer use DES for the encryption of tickets. Additional migration steps are needed to fully set the update into effect oval:org.secpod.oval:def:601092 Several vulnerabilities have been discovered in the FreeBSD kernel that may lead to a privilege escalation or information leak. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2013-3077 Clement Lecigne from the Google Security Team reported an integer overflow ... oval:org.secpod.oval:def:601098 Colin Cuthbertson and Walter Doekes discovered two vulnerabilities in the SIP processing code of Asterisk - an open source PBX and telephony toolkit -, which could result in denial of service. oval:org.secpod.oval:def:601097 Several denial-of-service vulnerabilities were discovered in the dcraw code base, a program for procesing raw format images from digital cameras. This update corrects them in the copy that is embedded in the exactimage package. oval:org.secpod.oval:def:601099 Anton Kortunov reported a heap corruption in ImageMagick, a program collection and library for converting and manipulating image files. Crafted GIF files could cause ImageMagick to crash, potentially leading to arbitrary code execution. The oldstable distribution is not affected by this problem. oval:org.secpod.oval:def:601096 The wheezy part of the previous python-django update, DSA-2740-1, was incorrectly built and did not include all legacy symbolic links for the jquery Javascript library. oval:org.secpod.oval:def:601095 Two vulnerabilities were discovered in Cacti, a web interface for graphing of monitoring systems: CVE-2013-5588 install/index.php and cacti/host.php suffered from Cross-Site Scripting vulnerabilities. CVE-2013-5589 cacti/host.php contained an SQL injection vulnerability, allowing an attacker to exec ... oval:org.secpod.oval:def:601873 Florian Maury from ANSSI discovered a flaw in pdns-recursor, a recursive DNS server : a remote attacker controlling maliciously-constructed zones or a rogue server could affect the performance of pdns-recursor, thus leading to resource exhaustion and a potential denial-of-service. oval:org.secpod.oval:def:602008 Anton Rager and Jonathan Brossard from the Salesforce.com Product Security Team and Ben Laurie of Google discovered a denial of service vulnerability in xerces-c, a validating XML parser library for C++. The parser mishandles certain kinds of malformed input documents, resulting in a segmentation fa ... oval:org.secpod.oval:def:601256 This revision to the recent OpenSSL update, DSA-2896-1, checks for some services that may use OpenSSL in a way that they expose the vulnerability. Such services are proposed to be restarted during the upgrade to help in the actual deployment of the fix. The list of services that are checked is not c ... oval:org.secpod.oval:def:601255 A vulnerability has been discovered in OpenSSL"s support for the TLS/DTLS Hearbeat extension. Up to 64KB of memory from either client or server can be recovered by an attacker This vulnerability might allow an attacker to compromise the private key and other sensitive data in memory. All users are u ... oval:org.secpod.oval:def:602039 Miroslav Lichvar of Red Hat discovered multiple vulnerabilities in chrony, an alternative NTP client and server: CVE-2015-1821 Using particular address/subnet pairs when configuring access control would cause an invalid memory write. This could allow attackers to cause a denial of service or execut ... oval:org.secpod.oval:def:38255 A race condition issue leading to a use-after-free flaw was found in the way the raw packet sockets implementation in the Linux kernel networking subsystem handled synchronization while creating the TPACKET_V3 ring buffer. A local user able to open a raw packet socket (requires the CAP_NET_RAW capab ... oval:org.secpod.oval:def:602387 Gustavo Grieco discovered that xerces-c, a validating XML parser library for C++, mishandles certain kinds of malformed input documents, resulting in buffer overflows during processing and error reporting. These flaws could lead to a denial of service in applications using the xerces-c library, or p ... oval:org.secpod.oval:def:602377 An anonymous contributor working with VeriSign iDefense Labs discovered that libreoffice, a full-featured office productivity suite, did not correctly handle Lotus WordPro files. This would enable an attacker to crash the program, or execute arbitrary code, by supplying a specially crafted LWP file. oval:org.secpod.oval:def:602166 It was discovered that the texttopdf utility, part of cups-filters, was susceptible to multiple heap-based buffer overflows due to improper handling of print jobs with a specially crafted line size. This could allow remote attackers to crash texttopdf or possibly execute arbitrary code. oval:org.secpod.oval:def:601990 Mariusz Ziulek reported that libssh2, a SSH2 client-side library, was reading and using the SSH_MSG_KEXINIT packet without doing sufficient range checks when negotiating a new SSH session with a remote server. A malicious attacker could man in the middle a real server and cause a client using the li ... oval:org.secpod.oval:def:601789 Several vulnerabilities were discovered in qemu, a fast processor emulator: * Various security issues have been found in the block qemu drivers. Malformed disk images might result in the execution of arbitrary code. * A NULL pointer dereference in SLIRP may result in denial of service * An informati ... oval:org.secpod.oval:def:601795 Several vulnerabilities were discovered in qemu-kvm, a full virtualization solution on x86 hardware: * Various security issues have been found in the block qemu drivers. Malformed disk images might result in the execution of arbitrary code. * A NULL pointer dereference in SLIRP may result in denial ... oval:org.secpod.oval:def:601751 Tomas Trnka discovered a heap-based buffer overflow within the gpgsm status handler of GPGME, a library designed to make access to GnuPG easier for applications. An attacker could use this issue to cause an application using GPGME to crash or possibly to execute arbitrary code. oval:org.secpod.oval:def:601790 Several vulnerabilities were discovered in Libvirt, a virtualisation abstraction library. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2014-0179 Richard Jones and Daniel P. Berrange found that libvirt passes the XML_PARSE_NOENT flag when parsing XML documen ... oval:org.secpod.oval:def:601728 It was discovered that the web interface in CUPS, the Common UNIX Printing System, incorrectly validated permissions on rss files and directory index files. A local attacker could possibly use this issue to bypass file permissions and read arbitrary files, possibly leading to a privilege escalation. oval:org.secpod.oval:def:601270 Multiple vulnerabilities have been discovered in OpenSSL. The following Common Vulnerabilities and Exposures project ids identify them: CVE-2010-5298 A read buffer can be freed even when it still contains data that is used later on, leading to a use-after-free. Given a race condition in a multi-thre ... oval:org.secpod.oval:def:601237 Florian Weimer discovered a buffer overflow in udisks"s mount path parsing code which may result in privilege escalation. oval:org.secpod.oval:def:601174 Bryan Quigley discovered an integer underflow in Pixman which could lead to denial of service or the execution of arbitrary code. oval:org.secpod.oval:def:601182 Peter McLarnan discovered that the internationalization component of Ruby on Rails does not properly encode parameters in generated HTML code, resulting in a cross-site scripting vulnerability. This update corrects the underlying vulnerability in the i18n gem, as provided by the ruby-i18n package. T ... oval:org.secpod.oval:def:602073 It was discovered that missing input saniting in Snoopy, a PHP class that simulates a web browser may result in the execution of arbitrary commands. oval:org.secpod.oval:def:601169 Timo Warns reported multiple integer overflow vulnerabilities in libtar, a library for manipulating tar archives, which can result in the execution of arbitrary code. oval:org.secpod.oval:def:601113 Daniel P. Berrange discovered that incorrect memory handling in the remoteDispatchDomainMemoryStats function could lead to denial of service. The oldstable distribution is not affected. oval:org.secpod.oval:def:601065 Jon Erickson of iSIGHT Partners Labs discovered a heap overflow in xml-security-c, an implementation of the XML Digital Security specification. The fix to address CVE-2013-2154 introduced the possibility of a heap overflow in the processing of malformed XPointer expressions in the XML Signature Refe ... oval:org.secpod.oval:def:601050 It was discovered that applications using the mesa library, a free implementation of the OpenGL API, may crash or execute arbitrary code due to an out of bounds memory access in the library. This vulnerability only affects systems with Intel chipsets. The oldstable distribution is not affected by t ... oval:org.secpod.oval:def:601051 Jibbers McGee discovered that pymongo, a high-performance schema-free document-oriented data store, is prone to a denial-of-service vulnerability. An attacker can remotely trigger a NULL pointer dereference causing MongoDB to crash. The oldstable distribution , is not affected by this issue. oval:org.secpod.oval:def:601029 Ilja van Sprundel of IOActive discovered several security issues in multiple components of the X.org graphics stack and the related libraries: Various integer overflows, sign handling errors in integer conversions, buffer overflows, memory corruption and missing input sanitising may lead to privileg ... oval:org.secpod.oval:def:601021 Ilja van Sprundel of IOActive discovered several security issues in multiple components of the X.org graphics stack and the related libraries: Various integer overflows, sign handling errors in integer conversions, buffer overflows, memory corruption and missing input sanitising may lead to privileg ... oval:org.secpod.oval:def:601179 Multiple vulnerabilities have been found in the HP Linux Printing and Imaging System: Insecure temporary files, insufficient permission checks in PackageKit and the insecure hp-upgrade service has been disabled. oval:org.secpod.oval:def:602293 A memory-corrupting integer overflow in the handling of the ECH control sequence was discovered in PuTTY"s terminal emulator. A remote attacker can take advantage of this flaw to mount a denial of service or potentially to execute arbitrary code. oval:org.secpod.oval:def:601981 Patrick Coleman discovered that the Putty SSH client failed to wipe out unused sensitive memory. In addition Florent Daigniere discovered that exponential values in Diffie Hellman exchanges were insufficienty restricted. oval:org.secpod.oval:def:602288 Hanno Boeck discovered a stack-based buffer overflow in the dpkg-deb component of dpkg, the Debian package management system. This flaw could potentially lead to arbitrary code execution if a user or an automated system were tricked into processing a specially crafted Debian binary package in the o ... oval:org.secpod.oval:def:601827 James Forshaw discovered that, in Apache Santuario XML Security for Java, CanonicalizationMethod parameters were incorrectly validated: by specifying an arbitrary weak canonicalization algorithm, an attacker could spoof XML signatures. oval:org.secpod.oval:def:601764 A heap-based overflow vulnerability was found in the way Lua, a simple, extensible, embeddable programming language, handles varargs functions with many fixed parameters called with few arguments, leading to application crashes or, potentially, arbitrary code execution. oval:org.secpod.oval:def:601756 A heap-based overflow vulnerability was found in the way Lua, a simple, extensible, embeddable programming language, handles varargs functions with many fixed parameters called with few arguments, leading to application crashes or, potentially, arbitrary code execution. oval:org.secpod.oval:def:601246 Aaron Neyer discovered that missing input sanitising in the logging component of Ruby Actionmailer could result in denial of service through a malformed e-mail message. oval:org.secpod.oval:def:601243 Toby Hsieh, Peter McLarnan, Ankit Gupta, Sudhir Rao and Kevin Reintjes discovered multiple cross-site scripting and denial of service vulnerabilities in Ruby Actionpack. oval:org.secpod.oval:def:601843 An integer underflow flaw, leading to a heap-based buffer overflow, was found in the ksba_oid_to_str function of libksba, an X.509 and CMS library. By using special crafted S/MIME messages or ECC based OpenPGP data, it is possible to create a buffer overflow, which could cause an application using ... oval:org.secpod.oval:def:602465 Hans Jerry Illikainen discovered that missing input sanitising in the BMP processing code of the optipng PNG optimiser may result in denial of service or the execution of arbitrary code if a malformed file is processed. oval:org.secpod.oval:def:601900 Andrew Bartlett of Catalyst reported a defect affecting certain applications using the Libevent evbuffer API. This defect leaves applications which pass insanely large inputs to evbuffers open to a possible heap overflow or infinite loop. In order to exploit this flaw, an attacker needs to be able t ... oval:org.secpod.oval:def:602459 Several vulnerabilities have been discovered in Mercurial, a distributed version control system. The Common Vulnerabilities and Exposures project identifies the following issues: CVE-2016-3068 Blake Burkhart discovered that Mercurial allows URLs for Git subrepositories that could result in arbitrary ... oval:org.secpod.oval:def:601820 HD Moore of Rapid7 discovered a symlink attack in Wget, a command-line utility to retrieve files via HTTP, HTTPS, and FTP. The vulnerability allows to create arbitrary files on the user"s system when Wget runs in recursive mode against a malicious FTP server. Arbitrary file creation may override con ... oval:org.secpod.oval:def:601918 A regression in the decoding of chroma-subsampled images in OpenJPEG was introduced by one of the patches for CVE-2013-6045. This update fixes the regression. For reference, the original text of DSA-2808-1 is reproduced below: Several vulnerabilities have been discovered in OpenJPEG, a JPEG 2000 ima ... oval:org.secpod.oval:def:601866 Jonathan Gray and Stanislaw Pitucha found an assertion failure in the way wrapped strings are parsed in LibYAML, a fast YAML 1.1 parser and emitter library. An attacker able to load specially crafted YAML input into an application using libyaml could cause the application to crash. oval:org.secpod.oval:def:601877 It was discovered that bsd-mailx, an implementation of the "mail" command, had an undocumented feature which treats syntactically valid email addresses as shell commands to execute. Users who need this feature can re-enable it using the "expandaddr" in an appropriate mailrc file. ... oval:org.secpod.oval:def:601876 Two security vulnerabilities were discovered in Heirloom mailx, an implementation of the "mail" command: CVE-2004-2771 mailx interprets interprets shell meta-characters in certain email addresses. CVE-2014-7844 An unexpected feature of mailx treats syntactically valid email addresses as sh ... oval:org.secpod.oval:def:601870 Jonathan Gray and Stanislaw Pitucha found an assertion failure in the way wrapped strings are parsed in LibYAML, a fast YAML 1.1 parser and emitter library. An attacker able to load specially crafted YAML input into an application using libyaml could cause the application to crash. This update corre ... oval:org.secpod.oval:def:602319 Michal Kowalczyk and Adam Chester discovered that missing input sanitising in the foomatic-rip print filter might result in the execution of arbitrary commands. oval:org.secpod.oval:def:602006 Ilja van Sprundel, Alan Coopersmith and William Robinet discovered multiple issues in libxfont"s code to process BDF fonts, which might result in privilege escalation. oval:org.secpod.oval:def:602245 Frediano Ziglio of Red Hat discovered several vulnerabilities in spice, a SPICE protocol client and server library. A malicious guest can exploit these flaws to cause a denial of service , execute arbitrary code on the host with the privileges of the hosting QEMU process or read and write arbitrary ... oval:org.secpod.oval:def:602270 Multiple vulnerabilities have been discovered in LibreOffice, a full-featured office productivity: CVE-2015-4551 Federico Scrinzi discovered an information leak in the handling of ODF documents. Quoting from https://www.libreoffice.org/about-us/security/advisories/cve-2015-4551/: The LinkUpdateMode ... oval:org.secpod.oval:def:601984 Mateusz Jurczyk discovered multiple vulnerabilities in Freetype. Opening malformed fonts may result in denial of service or the execution of arbitrary code. oval:org.secpod.oval:def:601971 Peter De Wachter discovered that CUPS, the Common UNIX Printing System, did not correctly parse compressed raster files. By submitting a specially crafted raster file, a remote attacker could use this vulnerability to trigger a buffer overflow. oval:org.secpod.oval:def:602429 Lael Cellier discovered two buffer overflow vulnerabilities in git, a fast, scalable, distributed revision control system, which could be exploited for remote execution of arbitrary code. oval:org.secpod.oval:def:602358 Mateusz Jurczyk discovered multiple vulnerabilities in Freetype. Opening malformed fonts may result in denial of service or the execution of arbitrary code. oval:org.secpod.oval:def:602109 Several vulnerabilities have been found in PostgreSQL-9.1, a SQL database system. CVE-2015-3165 SSL clients disconnecting just before the authentication timeout expires can cause the server to crash. CVE-2015-3166 The replacement implementation of snprintf failed to check for errors reported by th ... oval:org.secpod.oval:def:602135 It was discovered that CUPS, the Common UNIX Printing System, is vulnerable to a remotely triggerable privilege escalation via cross-site scripting and bad print job submission used to replace cupsd.conf on the CUPS server. oval:org.secpod.oval:def:602124 The update for postgresql-9.1 in DSA-3269-1 introduced a regression which can causes PostgreSQL to refuse to restart after an unexpected shutdown or when restoring from a binary backup. Updated packages are now available to address this regression. Please refer to the upstream Bug FAQ for additional ... oval:org.secpod.oval:def:602380 Andreas Schneider reported that libssh2, a SSH2 client-side library, passes the number of bytes to a function that expects number of bits during the SSHv2 handshake when libssh2 is to get a suitable value for "group order" in the Diffie-Hellman negotiation. This weakens significantly the handshake s ... oval:org.secpod.oval:def:602161 Insufficient input sanitising in libwmf, a library to process Windows metafile data, may result in denial of service or the execution of arbitrary code if a malformed WMF file is opened. oval:org.secpod.oval:def:602027 A path traversal vulnerability was discovered in Mailman, the mailing list manager. Installations using a transport script to interface with their MTA instead of static aliases were vulnerable to a path traversal attack. To successfully exploit this, an attacker needs write access on the local file ... oval:org.secpod.oval:def:602041 Abhishek Arya discovered a buffer overflow in the MakeBigReq macro provided by libx11, which could result in denial of service or the execution of arbitrary code. Several other xorg packages will be recompiled against the fixed package after the release of this update. For detailed information on t ... oval:org.secpod.oval:def:602062 It was discovered that missing input sanitising in Libreoffice"s filter for HWP documents may result in the execution of arbitrary code if a malformed document is opened. oval:org.secpod.oval:def:601989 Multiple vulnerabilities have been discovered in GnuTLS, a library implementing the TLS and SSL protocols. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2015-0282 GnuTLS does not verify the RSA PKCS #1 signature algorithm to match the signature algorithm in ... oval:org.secpod.oval:def:602456 Randell Jesup and the Firefox team discovered that srtp, Cisco"s reference implementation of the Secure Real-time Transport Protocol , does not properly handle RTP header CSRC count and extension header length. A remote attacker can exploit this vulnerability to crash an application linked against l ... oval:org.secpod.oval:def:602366 Several vulnerabilities were discovered in krb5, the MIT implementation of Kerberos. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2015-8629 It was discovered that an authenticated attacker can cause kadmind to read beyond the end of allocated memory by send ... oval:org.secpod.oval:def:602400 Stephane Chazelas discovered a bug in the environment handling in Perl. Perl provides a Perl-space hash variable, %ENV, in which environment variables can be looked up. If a variable appears twice in envp, only the last value would appear in %ENV, but getenv would return the first. Perl"s taint secu ... oval:org.secpod.oval:def:602297 Tibor Jager, Jörg Schwenk, and Juraj Somorovsky, from Horst Görtz Institute for IT Security, published a paper in ESORICS 2015 where they describe an invalid curve attack in Bouncy Castle Crypto, a Java library for cryptography. An attacker is able to recover private Elliptic C ... oval:org.secpod.oval:def:601999 Several vulnerabilities have been discovered in tcpdump, a command-line network traffic analyzer. These vulnerabilities might result in denial of service or, potentially, execution of arbitrary code. oval:org.secpod.oval:def:602208 Dawid Golunski discovered that when running under PHP-FPM in a threaded environment, Zend Framework, a PHP framework, did not properly handle XML data in multibyte encoding. This could be used by remote attackers to perform an XML External Entity attack via crafted XML data. oval:org.secpod.oval:def:602323 Several vulnerabilities have been discovered in Samba, a SMB/CIFS file, print, and login server for Unix. The Common Vulnerabilities and Exposures project identifies the following issues: CVE-2015-3223 Thilo Uttendorfer of Linux Information Systems AG discovered that a malicious request can cause th ... oval:org.secpod.oval:def:601927 A vulnerability was discovered in PolarSSL, a lightweight crypto and SSL/TLS library. A remote attacker could exploit this flaw using specially crafted certificates to mount a denial of service against an application linked against the library , or potentially, to execute arbitrary code. oval:org.secpod.oval:def:602373 Several vulnerabilities have been fixed in the GNU C Library, eglibc. The CVE-2015-7547 vulnerability listed below is considered to have critical impact. CVE-2014-8121 Robin Hack discovered that the nss_files database did not correctly implement enumeration interleaved with name-based or ID-based lo ... oval:org.secpod.oval:def:602438 Kostya Kortchinsky discovered a stack-based buffer overflow vulnerability in the VPNv4 NLRI parser in bgpd in quagga, a BGP/OSPF/RIP routing daemon. A remote attacker can exploit this flaw to cause a denial of service , or potentially, execution of arbitrary code, if bgpd is configured with BGP peer ... oval:org.secpod.oval:def:21032 Marvin S. Addison discovered that Jasig phpCAS, a PHP library for the CAS authentication protocol, did not encode tickets before adding them to an URL, creating a possibility for cross site scripting. oval:org.secpod.oval:def:44751 rsync 3.1.3-development before 2017-10-24 mishandles archaic checksums, which makes it easier for remote attackers to bypass intended access restrictions. oval:org.secpod.oval:def:602243 Multiple vulnerabilities were discovered in Zend Framework, a PHP framework: CVE-2015-5723 It was discovered that due to incorrect permissions masks when creating directories, local attackers could potentially execute arbitrary code or escalate privileges. ZF2015-08 Chris Kings-Lynne discovered an ... oval:org.secpod.oval:def:602374 Daniel Genkin, Lev Pachmanov, Itamar Pipman and Eran Tromer discovered that the ECDH secret decryption keys in applications using the libgcrypt11 library could be leaked via a side-channel attack. See https://www.cs.tau.ac.IL/~tromer/ecdh/ for details. oval:org.secpod.oval:def:602344 "DrWhax" of the Tails project reported that Claws Mail is missing range checks in some text conversion functions. A remote attacker could exploit this to run arbitrary code under the account of a user that receives a message from them using Claws Mail. oval:org.secpod.oval:def:602419 Multiple vulnerabilities were discovered in the dissectors/parsers for DNP, RSL, LLRP, GSM A-bis OML, ASN 1 BER which could result in denial of service. oval:org.secpod.oval:def:602412 Several security issues have been corrected in multiple demuxers and decoders of the libav multimedia library. oval:org.secpod.oval:def:602433 It was discovered that the ActiveMQ Java message broker performs unsafe deserialisation oval:org.secpod.oval:def:602421 Multiple vulnerabilities were discovered in the dissectors/parsers for Pcapng, NBAP, UMTS FP, DCOM, AllJoyn, T.38, SDP, NLM, DNS, BED, SCTP, 802.11, DIAMETER, VeriWave, RVSP, ANSi A, GSM A, Ascend, NBAP, ZigBee ZCL and Sniffer which could result in denial of service. oval:org.secpod.oval:def:602420 Several vulnerabilities have been discovered in Samba, a SMB/CIFS file, print, and login server for Unix. The Common Vulnerabilities and Exposures project identifies the following issues: CVE-2015-7560 Jeremy Allison of Google, Inc. and the Samba Team discovered that Samba incorrectly handles gettin ... oval:org.secpod.oval:def:602281 Tobias Brunner found an authentication bypass vulnerability in strongSwan, an IKE/IPsec suite. Due to insufficient validation of its local state the server implementation of the EAP-MSCHAPv2 protocol in the eap-mschapv2 plugin can be tricked into successfully concluding the authentication without pr ... oval:org.secpod.oval:def:602237 A remotely triggerable use-after-free vulnerability was found in rpcbind, a server that converts RPC program numbers into universal addresses. A remote attacker can take advantage of this flaw to mount a denial of service . oval:org.secpod.oval:def:602198 It was discovered that the Apache ActiveMQ message broker is susceptible to denial of service through an undocumented, remote shutdown command. oval:org.secpod.oval:def:602201 It was discovered that opensaml2, a Security Assertion Markup Language library, needed to be rebuilt against a fixed version of the xmltooling package due to its use of macros vulnerable to CVE-2015-0851 as fixed in the DSA 3321-1 update. For reference the original advisory text follows. The InCommo ... oval:org.secpod.oval:def:602174 The InCommon Shibboleth Training team discovered that XMLTooling, a C++ XML parsing library, did not properly handle an exception when parsing well-formed but schema-invalid XML. This could allow remote attackers to cause a denial of service via crafted XML data. oval:org.secpod.oval:def:602184 William Robinet and Stefan Cornelius discovered an integer overflow in Ghostscript, the GPL PostScript/PDF interpreter, which may result in denial of service or potentially execution of arbitrary code if a specially crafted file is opened. oval:org.secpod.oval:def:602126 Multiple vulnerabilities were discovered in the dissectors/parsers for LBMR, web sockets, WCP, X11, IEEE 802.11 and Android Logcat, which could result in denial of service. oval:org.secpod.oval:def:602069 Nick Sampanis discovered that dnsmasq, a small caching DNS proxy and DHCP/TFTP server, did not properly check the return value of the setup_reply function called during a TCP connection, which is used then as a size argument in a function which writes data on the client"s connection. A remote attack ... oval:org.secpod.oval:def:602129 An information disclosure flaw due to incorrect JkMount/JkUnmount directives processing was found in the Apache 2 module mod_jk to forward requests from the Apache web server to Tomcat. A JkUnmount rule for a subtree of a previous JkMount rule could be ignored. This could allow a remote attacker to ... oval:org.secpod.oval:def:602037 Hanno Boeck discovered a stack-based buffer overflow in the asn1_der_decoding function in Libtasn1, a library to manage ASN.1 structures. A remote attacker could take advantage of this flaw to cause an application using the Libtasn1 library to crash, or potentially to execute arbitrary code. oval:org.secpod.oval:def:602023 Multiple vulnerabilities were discovered in the dissectors/parsers for WCP, pcapng and TNEF, which could result in denial of service. oval:org.secpod.oval:def:601916 In DSA 3123 the binutils package was updated for several security issues. This update adds rebuilt packages for binutils-mingw-w64, so these will take advantage of the fixes. For reference the original advisory text follows. Multiple security issues have been found in binutils, a toolbox for binary ... oval:org.secpod.oval:def:601906 Multiple security issues have been found in binutils, a toolbox for binary file manipulation. These vulnerabilities include multiple memory safety errors, buffer overflows, use-after-frees and other implementation errors may lead to the execution of arbitrary code, the bypass of security restriction ... oval:org.secpod.oval:def:601936 Multiple vulnerabilities were discovered in the dissectors/parsers for SSL/TLS and DEC DNA, which could result in denial of service. oval:org.secpod.oval:def:601899 Mike Daskalakis reported a denial of service vulnerability in charon, the IKEv2 daemon for strongSwan, an IKE/IPsec suite used to establish IPsec protected links. The bug can be triggered by an IKEv2 Key Exchange payload that contains the Diffie-Hellman group 1025. This identifier is from the priv ... oval:org.secpod.oval:def:601849 Michele Spagnuolo, of Google Security Team, and Miroslav Lichvar, of Red Hat, discovered two issues in flac, a library handling Free Lossless Audio Codec media: by providing a specially crafted FLAC file, an attacker could execute arbitrary code. oval:org.secpod.oval:def:601841 Multiple vulnerabilities were discovered in the dissectors/parsers for SigComp UDVM, AMQP, NCP and TN5250, which could result in denial of service. oval:org.secpod.oval:def:601845 A vulnerability was discovered in ppp, an implementation of the Point-to-Point Protocol: an integer overflow in the routine responsible for parsing user-supplied options potentially allows a local attacker to gain root privileges. oval:org.secpod.oval:def:601043 Several vulnerabilities have been discovered in the chromium web browser. Multiple use-after-free, out-of-bounds read, memory safety, and cross-site scripting issues were discovered and corrected. CVE-2013-2837 Use-after-free vulnerability in the SVG implementation allows remote attackers to cause a ... oval:org.secpod.oval:def:601052 Several vulnerabilities have been discovered in the chromium web browser. CVE-2013-2855 The Developer Tools API in Chromium before 27.0.1453.110 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. CVE-2013-2856 Use-after-free vulnerabi ... oval:org.secpod.oval:def:601128 Aki Helin of OUSPG discovered many out-of-bounds read issues in libxml2, the GNOME project"s XML parser library, which can lead to denial of service issues when handling XML documents that end abruptly. oval:org.secpod.oval:def:601072 Several vulnerabilities have been discovered in the Chromium web browser. CVE-2013-2853 The HTTPS implementation does not ensure that headers are terminated by \r\n\r\n . CVE-2013-2867 Chrome does not properly prevent pop-under windows. CVE-2013-2868 common/extensions/sync_helper.cc proceeds with sy ... oval:org.secpod.oval:def:601089 Several vulnerabilities have been discovered in the Chromium web browser. CVE-2013-2887 The chrome 29 development team found various issues from internal fuzzing, audits, and other studies. CVE-2013-2900 Krystian Bigaj discovered a file handling path sanitization issue. CVE-2013-2901 Alex Chapman di ... oval:org.secpod.oval:def:601137 The Google Chrome Security Team discovered two issues in the International Components for Unicode library. oval:org.secpod.oval:def:601135 Several vulnerabilities have been discovered in the chromium web browser. CVE-2013-2906 Atte Kettunen of OUSPG discovered race conditions in Web Audio. CVE-2013-2907 Boris Zbarsky discovered an out-of-bounds read in window.prototype. CVE-2013-2908 Chamal de Silva discovered an address bar spoofing i ... oval:org.secpod.oval:def:601216 Several vulnerabilities have been discovered in the chromium web browser. CVE-2013-6641 Atte Kettunen discovered a use-after-free issue in Blink/Webkit form elements. CVE-2013-6643 Joao Lucas Melo Brasio discovered a Google account information disclosure issue related to the one-click sign-on featur ... oval:org.secpod.oval:def:601266 Several vulnerabilities were discovered in the chromium web browser. CVE-2014-1716 A cross-site scripting issue was discovered in the v8 javascript library. CVE-2014-1717 An out-of-bounds read issue was discovered in the v8 javascript library. CVE-2014-1718 Aaron Staple discovered an integer overflo ... oval:org.secpod.oval:def:601282 Several vulnerabilities have been discovered in the chromium web browser. CVE-2014-1730 A type confusion issue was discovered in the v8 javascript library. CVE-2014-1731 John Butler discovered a type confusion issue in the WebKit/Blink document object model implementation. CVE-2014-1732 Khalil Zhani ... oval:org.secpod.oval:def:601791 Several vulnerabilities were discovered in the chromium web browser. CVE-2014-3160 Christian Schneider discovered a same origin bypass issue in SVG file resource fetching. CVE-2014-3162 The Google Chrome development team addressed multiple issues with potential security impact for chromium 36.0.1985 ... oval:org.secpod.oval:def:601991 Several security issues have been corrected in multiple demuxers and decoders of the libav multimedia library oval:org.secpod.oval:def:602063 Shadowman131 discovered that jqueryui, a JavaScript UI library for dynamic web applications, failed to properly sanitize its "title" option. This would allow a remote attacker to inject arbitrary code through cross-site scripting. oval:org.secpod.oval:def:601111 Multiple security issues have been found in Icedove, Debian"s version of the Mozilla Thunderbird mail and news client. Multiple memory safety errors and buffer overflows may lead to the execution of arbitrary code. The Icedove version in the oldstable distribution is no longer supported with full s ... oval:org.secpod.oval:def:601161 Several vulnerabilities have been discovered in the interpreter for the Ruby language. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2013-1821 Ben Murphy discovered that unrestricted entity expansion in REXML can lead to a Denial of Service by consuming all ... oval:org.secpod.oval:def:602275 Marc Deslauriers reported that the update for krb5 issued as DSA-3395-1 did not contain the patch to address CVE-2015-2697 for the packages built for the oldstable distribution . Updated packages are now available to address this issue. For reference, the relevant part of the original advisory text ... oval:org.secpod.oval:def:602271 Several vulnerabilities were discovered in krb5, the MIT implementation of Kerberos. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2015-2695 It was discovered that applications which call gss_inquire_context on a partially-established SPNEGO context can caus ... oval:org.secpod.oval:def:601108 Multiple security issues have been found in Iceweasel, Debian"s version of the Mozilla Firefox web browser: Multiple memory safety errors, buffer overflows may lead to the execution of arbitrary code. The Iceweasel version in the oldstable distribution is no longer supported with security updates. oval:org.secpod.oval:def:601027 Ilja van Sprundel of IOActive discovered several security issues in multiple components of the X.org graphics stack and the related libraries: Various integer overflows, sign handling errors in integer conversions, buffer overflows, memory corruption and missing input sanitising may lead to privileg ... oval:org.secpod.oval:def:601046 It was discovered that the kpasswd service running on UDP port 464 could respond to response packets, creating a packet loop and a denial of service condition. oval:org.secpod.oval:def:601045 Multiple security issues have been found in Iceweasel, Debian"s version of the Mozilla Firefox web browser: Multiple memory safety errors, missing input sanitising vulnerabilities, use-after-free vulnerabilities, buffer overflows and other programming errors may lead to the execution of arbitrary co ... oval:org.secpod.oval:def:602370 Several vulnerabilities have been found in PostgreSQL-9.1, a SQL database system. CVE-2015-5288 Josh Kupershmidt discovered a vulnerability in the crypt function in the pgCrypto extension. Certain invalid salt arguments can cause the server to crash or to disclose a few bytes of server memory. CVE-2 ... oval:org.secpod.oval:def:601064 Multiple security issues have been found in Iceweasel, Debian"s version of the Mozilla Firefox web browser: Multiple memory safety errors, use-after-free vulnerabilities, missing permission checks, incorrect memory handling and other implementaton errors may lead to the execution of arbitrary code, ... oval:org.secpod.oval:def:601067 Multiple security issues have been found in Icedove, Debian"s version of the Mozilla Thunderbird mail and news client. Multiple memory safety errors, use-after-free vulnerabilities, missing permission checks, incorrect memory handling and other implementaton errors may lead to the execution of arbit ... oval:org.secpod.oval:def:601061 Timo Sirainen discovered that cURL, an URL transfer library, is prone to a heap overflow vulnerability due to bad checking of the input data in the curl_easy_unescape function. The curl command line tool is not affected by this problem as it doesn"t use the curl_easy_unescape function. oval:org.secpod.oval:def:601086 Several vulnerabilities have been discovered in the interpreter for the Ruby language, which may lead to denial of service and other security problems. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2013-1821 Ben Murphy discovered that unrestricted entity exp ... oval:org.secpod.oval:def:601083 Multiple security issues have been found in Iceweasel, Debian"s version of the Mozilla Firefox web browser: Multiple memory safety errors, missing permission checks and other implementation errors may lead to the execution of arbitrary code, cross-site scripting, privilege escalation, bypass of the ... oval:org.secpod.oval:def:601070 Several vulnerabilities have been discovered in OpenJDK, an implementation of the Oracle Java platform, resulting in the execution of arbitrary code, breakouts of the Java sandbox, information disclosure or denial of service. oval:org.secpod.oval:def:601071 It was discovered that PHP could perform an invalid free request when processing crafted XML documents, corrupting the heap and potentially leading to arbitrary code execution. Depending on the PHP application, this vulnerability could be exploited remotely. oval:org.secpod.oval:def:601074 Several vulnerabilities have been discovered in OpenJDK, an implementation of the Oracle Java platform, resulting in the execution of arbitrary code, breakouts of the Java sandbox, information disclosure or denial of service. oval:org.secpod.oval:def:601073 Two security issues have been found in the Tomcat servlet and JSP engine: CVE-2012-3544 The input filter for chunked transfer encodings could trigger high resource consumption through malformed CRLF sequences, resulting in denial of service. CVE-2013-2067 The FormAuthenticator module was vulnerable ... oval:org.secpod.oval:def:601094 Multiple security issues have been found in Icedove, Debian"s version of the Mozilla Thunderbird mail and news client. Multiple memory safety errors, missing permission checks and other implementation errors may lead to the execution of arbitrary code or cross-site scripting. The Icedove version in ... oval:org.secpod.oval:def:601809 Multiple vulnerabilities were discovered in the dissectors/parsers for RTP, MEGACO, Netflow, RTSP, SES and Sniffer, which could result in denial of service. oval:org.secpod.oval:def:601807 Several issues have been discovered in the MySQL database server. The vulnerabilities are addressed by upgrading MySQL to the new upstream version 5.5.40 oval:org.secpod.oval:def:601804 Multiple security issues have been found in Iceweasel, Debian"s version of the Mozilla Firefox web browser: Multiple memory safety errors, buffer overflows, use-after-frees and other implementation errors may lead to the execution of arbitrary code, denial of service, the bypass of the same-origin p ... oval:org.secpod.oval:def:601802 Several vulnerabilities have been found in OpenSSL, the Secure Sockets Layer library and toolkit. CVE-2014-3513 A memory leak flaw was found in the way OpenSSL parsed the DTLS Secure Real-time Transport Protocol extension data. A remote attacker could send multiple specially crafted handshake messa ... oval:org.secpod.oval:def:601824 Several vulnerabilities were found in PHP, a general-purpose scripting language commonly used for web application development. It has been decided to follow the stable 5.4.x releases for the Wheezy PHP packages. Consequently the vulnerabilities are addressed by upgrading PHP to a new upstream versio ... oval:org.secpod.oval:def:601818 Multiple security issues have been found in Icedove, Debian"s version of the Mozilla Thunderbird mail and news client: Multiple memory safety errors, buffer overflows, use-after-frees and other implementation errors may lead to the execution of arbitrary code or denial of service. This update update ... oval:org.secpod.oval:def:601842 Several vulnerabilities have been discovered in OpenJDK, an implementation of the Oracle Java platform, resulting in the execution of arbitrary code, information disclosure or denial of service. oval:org.secpod.oval:def:601840 Francisco Alonso of Red Hat Product Security found an issue in the file utility, whose code is embedded in PHP, a general-purpose scripting language. When checking ELF files, note headers are incorrectly checked, thus potentially allowing attackers to cause a denial of service by supplying a specia ... oval:org.secpod.oval:def:601846 Several vulnerabilities have been discovered in OpenJDK, an implementation of the Oracle Java platform, resulting in the execution of arbitrary code, information disclosure or denial of service. oval:org.secpod.oval:def:601834 The previous update for iceweasel in DSA-3050-1 did not contain builds for the armhf architecture due to an error in the Debian packaging specific to the armhf build. This update corrects that problem. For reference, the original advisory text follows. Multiple security issues have been found in Ice ... oval:org.secpod.oval:def:601836 Francisco Alonso of Red Hat Product Security found an issue in the file utility: when checking ELF files, note headers are incorrectly checked, thus potentially allowing attackers to cause a denial of service by supplying a specially crafted ELF file. oval:org.secpod.oval:def:601863 Multiple security issues have been found in Icedove, Debian"s version of the Mozilla Thunderbird mail and news client: Multiple memory safety errors, buffer overflows, use-after-frees and other implementation errors may lead to the execution of arbitrary code, the bypass of security restrictions or ... oval:org.secpod.oval:def:601869 Ilja van Sprundel of IOActive discovered several security issues in the X.org X server, which may lead to privilege escalation or denial of service. oval:org.secpod.oval:def:601856 Multiple security issues have been found in Iceweasel, Debian"s version of the Mozilla Firefox web browser: Multiple memory safety errors, buffer overflows, use-after-frees and other implementation errors may lead to the execution of arbitrary code, the bypass of security restrictions or denial of s ... oval:org.secpod.oval:def:601898 Several vulnerabilities were found in PHP, a general-purpose scripting language commonly used for web application development. As announced in DSA 3064-1 it has been decided to follow the stable 5.4.x releases for the Wheezy php5 packages. Consequently the vulnerabilities are addressed by upgrading ... oval:org.secpod.oval:def:601200 Several issues have been discovered in the MySQL database server. The vulnerabilities are addressed by upgrading MySQL to the new upstream version 5.5.35 oval:org.secpod.oval:def:601226 Multiple vulnerabilities were discovered in Wireshark: CVE-2014-2281 Moshe Kaplan discovered that the NFS dissector could be crashed, resulting in denial of service. CVE-2014-2283 It was discovered that the RLC dissector could be crashed, resulting in denial of service. CVE-2014-2299 Wesley Neelen d ... oval:org.secpod.oval:def:601222 It was discovered that file, a file type classification tool, contains a flaw in the handling of "indirect" magic rules in the libmagic library, which leads to an infinite recursion when trying to determine the file type of certain files. The Common Vulnerabilities and Exposures project ID ... oval:org.secpod.oval:def:601225 Several vulnerabilities have been found in file, a file type classification tool. Aaron Reffett reported a flaw in the way the file utility determined the type of Portable Executable format files, the executable format used on Windows. When processing a defective or intentionally prepared PE execut ... oval:org.secpod.oval:def:601215 It was discovered that file, a file type classification tool, contains a flaw in the handling of "indirect" magic rules in the libmagic library, which leads to an infinite recursion when trying to determine the file type of certain files. The Common Vulnerabilities and Exposures project ID ... oval:org.secpod.oval:def:601218 Various vulnerabilities were discovered in PostgreSQL: * Shore up GRANT ... WITH ADMIN OPTION restrictions Granting a role without ADMIN OPTION is supposed to prevent the grantee from adding or removing members from the granted role, but this restriction was easily bypassed by doing SET ROLE first. ... oval:org.secpod.oval:def:601124 Two vulnerabilities were discovered in GnuPG, the GNU privacy guard, a free PGP replacement. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2013-4351 When a key or subkey had its "key flags" subpacket set to all bits off, GnuPG currently would treat ... oval:org.secpod.oval:def:601121 Two vulnerabilities were discovered in GnuPG 2, the GNU privacy guard, a free PGP replacement. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2013-4351 When a key or subkey had its "key flags" subpacket set to all bits off, GnuPG currently would tre ... oval:org.secpod.oval:def:601138 Multiple security issues have been found in iceweasel, Debian"s version of the Mozilla Firefox web browser: multiple memory safety errors, and other implementation errors may lead to the execution of arbitrary code. The iceweasel version in the oldstable distribution is no longer supported with sec ... oval:org.secpod.oval:def:601133 Pedro Ribeiro discovered a use-after-free in the handling of ImageText requests in the Xorg Xserver, which could result in denial of service or privilege escalation. oval:org.secpod.oval:def:601164 Two security issues were found in Samba, a SMB/CIFS file, print, and login server: CVE-2013-4408 It was discovered that multiple buffer overflows in the processing of DCE-RPC packets may lead to the execution of arbitrary code. CVE-2013-4475 Hemanth Thummala discovered that ACLs were not checked whe ... oval:org.secpod.oval:def:601165 Murray McAllister discovered multiple integer and buffer overflows in the XWD plugin in Gimp, which can result in the execution of arbitrary code. oval:org.secpod.oval:def:602005 Multiple security issues have been found in Iceweasel, Debian"s version of the Mozilla Firefox web browser. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2015-0817 ilxu1a reported a flaw in Mozilla"s implementation of typed array bounds checking in JavaScrip ... oval:org.secpod.oval:def:601158 Andrew Tinits reported a potentially exploitable buffer overflow in the Mozilla Network Security Service library . With a specially crafted request a remote attacker could cause a denial of service or possibly execute arbitrary code. oval:org.secpod.oval:def:601188 It was discovered that a buffer overflow in the processing of Glyph Bitmap Distribution fonts could result in the execution of arbitrary code. oval:org.secpod.oval:def:601178 Several issues have been discovered in the MySQL database server. The vulnerabilities are addressed by upgrading MySQL to a new upstream version, 5.5.33, which includes additional changes, such as performance improvements, bug fixes, new features, and possibly incompatible changes. Matthias Reichl ... oval:org.secpod.oval:def:602025 Multiple security issues have been found in Icedove, Debian"s version of the Mozilla Thunderbird mail client: Multiple memory safety errors, use-after-frees and other implementation errors may lead to the execution of arbitrary code, the bypass of security restrictions or denial of service. oval:org.secpod.oval:def:602024 Multiple security issues have been found in Iceweasel, Debian"s version of the Mozilla Firefox web browser: Multiple memory safety errors, use-after-frees and other implementation errors may lead to the execution of arbitrary code, the bypass of security restrictions, denial of service or cross-site ... oval:org.secpod.oval:def:602021 Multiple vulnerabilities were found in OpenLDAP, a free implementation of the Lightweight Directory Access Protocol. CVE-2013-4449 Michael Vishchers from Seven Principles AG discovered a denial of service vulnerability in slapd, the directory server implementation. When the server is configured to u ... oval:org.secpod.oval:def:601176 Genkin, Shamir and Tromer discovered that RSA key material could be extracted by using the sound generated by the computer during the decryption of some chosen ciphertexts. oval:org.secpod.oval:def:601171 Bryan Quigley discovered an integer underflow in the Xorg X server which could lead to denial of service or the execution of arbitrary code. oval:org.secpod.oval:def:602054 Several vulnerabilities were discovered in Subversion, a version control system. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2015-0248 Subversion mod_dav_svn and svnserve were vulnerable to a remotely triggerable assertion DoS vulnerability for certain req ... oval:org.secpod.oval:def:601190 Multiple vulnerabilities have been found in spice, a SPICE protocol client and server library. The Common Vulnerabilities and Exposures project identifies the following issues: CVE-2013-4130 David Gibson of Red Hat discovered that SPICE incorrectly handled certain network errors. A remote user able ... oval:org.secpod.oval:def:601911 Multiple security issues have been found in Iceweasel, Debian"s version of the Mozilla Firefox web browser: Multiple memory safety errors and implementation errors may lead to the execution of arbitrary code, information leaks or denial of service. oval:org.secpod.oval:def:601915 Multiple security issues have been found in Icedove, Debian"s version of the Mozilla Thunderbird mail and news client: Multiple memory safety errors and implementation errors may lead to the execution of arbitrary code, information leaks or denial of service. oval:org.secpod.oval:def:601912 Two vulnerabilities have been discovered in the RPM package manager. CVE-2013-6435 Florian Weimer discovered a race condition in package signature validation. CVE-2014-8118 Florian Weimer discovered an integer overflow in parsing CPIO headers which might result in the execution of arbitrary code. oval:org.secpod.oval:def:601940 Several vulnerabilities have been discovered in OpenJDK, an implementation of the Oracle Java platform, resulting in the execution of arbitrary code, information disclosure or denial of service. oval:org.secpod.oval:def:601707 Several vulnerabilities were found in PHP, a general-purpose scripting language commonly used for web application development. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2014-0207 Francisco Alonso of the Red Hat Security Response Team reported an incorrec ... oval:org.secpod.oval:def:601709 Several vulnerabilities have been discovered in OpenJDK, an implementation of the Oracle Java platform, resulting in the execution of arbitrary code, breakouts of the Java sandbox, information disclosure or denial of service. oval:org.secpod.oval:def:601948 Multiples vulnerabilities have been found in krb5, the MIT implementation of Kerberos: CVE-2014-5352 Incorrect memory management in the libgssapi_krb5 library might result in denial of service or the execution of arbitrary code. CVE-2014-9421 Incorrect memory management in kadmind"s processing of XD ... oval:org.secpod.oval:def:601946 Several vulnerabilities were discovered in the ntp package, an implementation of the Network Time Protocol. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2014-9297 Stephen Roettger of the Google Security Team, Sebastian Krahmer of the SUSE Security Team and ... oval:org.secpod.oval:def:601931 Matthew Daley discovered that squid, a web proxy cache, does not properly perform input validation when parsing requests. A remote attacker could use this flaw to mount a denial of service attack, by sending specially crafted Range requests. oval:org.secpod.oval:def:601937 Several vulnerabilities have been discovered in OpenJDK, an implementation of the Oracle Java platform, resulting in the execution of arbitrary code, information disclosure or denial of service. oval:org.secpod.oval:def:601935 Multiple security issues have been discovered in the Xen virtualisation solution which may result in denial of service, information disclosure or privilege escalation. CVE-2014-8594 Roger Pau Monne and Jan Beulich discovered that incomplete restrictions on MMU update hypercalls may result in privile ... oval:org.secpod.oval:def:601722 Several issues have been discovered in the MySQL database server. The vulnerabilities are addressed by upgrading MySQL to the new upstream version 5.5.38 oval:org.secpod.oval:def:601729 Several vulnerabilities have been discovered in OpenJDK, an implementation of the Oracle Java platform, resulting in the execution of arbitrary code, breakouts of the Java sandbox, information disclosure or denial of service. oval:org.secpod.oval:def:601969 Richard van Eeden of Microsoft Vulnerability Research discovered that Samba, a SMB/CIFS file, print, and login server for Unix, contains a flaw in the netlogon server code which allows remote code execution with root privileges from an unauthenticated connection. oval:org.secpod.oval:def:601953 Marc Deslauriers reported that the patch applied to ntp for CVE-2014-9297 in DSA 3154-1 was incomplete. This update corrects that problem. For reference, the relevant part of the original advisory text follows. Several vulnerabilities were discovered in the ntp package, an implementation of the Netw ... oval:org.secpod.oval:def:601717 Stephane Chazelas discovered that the GNU C library, glibc, processed ".." path segments in locale-related environment variables, possibly allowing attackers to circumvent intended restrictions, such as ForceCommand in OpenSSH, assuming that they can supply crafted locale settings. oval:org.secpod.oval:def:601957 Olivier Fourdan discovered that missing input validation in the Xserver"s handling of XkbSetGeometry requests may result in an information leak or denial of service. oval:org.secpod.oval:def:601987 Multiple vulnerabilities were discovered in GnuPG, the GNU Privacy Guard: CVE-2014-3591 The Elgamal decryption routine was susceptible to a side-channel attack discovered by researchers of Tel Aviv University. Ciphertext blinding was enabled to counteract it. Note that this may have a quite noticeab ... oval:org.secpod.oval:def:601743 Several vulnerabilities were discovered in krb5, the MIT implementation of Kerberos. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2014-4341 An unauthenticated remote attacker with the ability to inject packets into a legitimately established GSSAPI applicat ... oval:org.secpod.oval:def:601988 Multiple vulnerabilities were discovered in libgcrypt: CVE-2014-3591 The Elgamal decryption routine was susceptible to a side-channel attack discovered by researchers of Tel Aviv University. Ciphertext blinding was enabled to counteract it. Note that this may have a quite noticeable impact on Elgama ... oval:org.secpod.oval:def:601746 Multiple security issues have been discovered in the Xen virtualisation solution which may result in information leaks or denial of service. oval:org.secpod.oval:def:601986 Several vulnerabilities were discovered in the International Components for Unicode library. CVE-2013-1569 Glyph table issue. CVE-2013-2383 Glyph table issue. CVE-2013-2384 Font layout issue. CVE-2013-2419 Font processing issue. CVE-2014-6585 Out-of-bounds read. CVE-2014-6591 Additional out-of-boun ... oval:org.secpod.oval:def:601976 Multiple security issues have been found in Icedove, Debian"s version of the Mozilla Thunderbird mail and news client: Multiple memory safety errors and implementation errors may lead to the execution of arbitrary code or information disclosure. oval:org.secpod.oval:def:601972 Multiple security issues have been found in Iceweasel, Debian"s version of the Mozilla Firefox web browser: Multiple memory safety errors and implementation errors may lead to the execution of arbitrary code or information disclosure. oval:org.secpod.oval:def:601761 Tavis Ormandy discovered a heap-based buffer overflow in the transliteration module loading code in eglibc, Debian"s version of the GNU C Library. As a result, an attacker who can supply a crafted destination character set argument to iconv-related character conversation functions could achieve arbi ... oval:org.secpod.oval:def:601750 Multiple vulnerabilities have been identified in OpenSSL, a Secure Sockets Layer toolkit, that may result in denial of service , information leak, protocol downgrade. Additionally, a buffer overrun affecting only applications explicitly set up for SRP has been fixed . Detailed descriptions of the vu ... oval:org.secpod.oval:def:601992 It was discovered that the Mozilla Network Security Service library incorrectly handled certain ASN.1 lengths. A remote attacker could possibly use this issue to perform a data-smuggling attack. oval:org.secpod.oval:def:601759 It was discovered that missing access checks in the Struts ActionForm object could result in the execution of arbitrary code. oval:org.secpod.oval:def:601786 Antoine Delignat-Lavaud from Inria discovered an issue in the way NSS , was parsing ASN.1 data used in signatures, making it vulnerable to a signature forgery attack. An attacker could craft ASN.1 data to forge RSA certificates with a valid certification chain to a trusted CA. oval:org.secpod.oval:def:601778 Multiple security issues have been found in Icedove, Debian"s version of the Mozilla Thunderbird mail and news client: Multiple memory safety errors and use-after-frees may lead to the execution of arbitrary code or denial of service. oval:org.secpod.oval:def:601774 This update corrects DSA 3021-1, which introduced a regression in the detection of a some "Composite Document Files" , marking them look as corrupted, with the error: "Can"t expand summary_info". On additional information, 5.11-2+deb7u4 changed the detection of certain text files ... oval:org.secpod.oval:def:601771 Jared Mauch reported a denial of service flaw in the way BIND, a DNS server, handled queries for NSEC3-signed zones. A remote attacker could use this flaw against an authoritative name server that served NCES3-signed zones by sending a specially crafted query, which, when processed, would cause name ... oval:org.secpod.oval:def:601770 Multiple security issues have been found in file, a tool to determine a file type. These vulnerabilities allow remote attackers to cause a denial of service, via resource consumption or application crash. oval:org.secpod.oval:def:601798 Antoine Delignat-Lavaud from Inria discovered an issue in the way NSS , was parsing ASN.1 data used in signatures, making it vulnerable to a signature forgery attack. An attacker could craft ASN.1 data to forge RSA certificates with a valid certification chain to a trusted CA. oval:org.secpod.oval:def:601794 Rainer Gerhards, the rsyslog project leader, reported a vulnerability in Rsyslog, a system for log processing. As a consequence of this vulnerability an attacker can send malformed messages to a server, if this one accepts data from untrusted sources, and trigger a denial of service attack. oval:org.secpod.oval:def:601793 Mancha discovered a vulnerability in rsyslog, a system for log processing. This vulnerability is an integer overflow that can be triggered by malformed messages to a server, if this one accepts data from untrusted sources, provoking message loss. This vulnerability can be seen as an incomplete fix o ... oval:org.secpod.oval:def:601249 Two vulnerabilities were fixed in Openswan, an IKE/IPsec implementation for Linux. CVE-2013-2053 During an audit of Libreswan , Florian Weimer found a remote buffer overflow in the atodn function. This vulnerability can be triggered when Opportunistic Encryption is enabled and an attacker controls ... oval:org.secpod.oval:def:601241 Nicolas Gregoire discovered several vulnerabilities in libxalan2-java, a Java library for XSLT processing. Crafted XSLT programs could access system properties or load arbitrary classes, resulting in information disclosure and, potentially, arbitrary code execution. oval:org.secpod.oval:def:601231 Multiple security issues have been found in Iceweasel, Debian"s version of the Mozilla Firefox web browser: Multiple memory safety errors, out of bound reads, use-after-frees and other implementation errors may lead to the execution of arbitrary code, information disclosure, denial of service. oval:org.secpod.oval:def:601268 Multiple security issues have been found in Icedove, Debian"s version of the Mozilla Thunderbird mail and news client. Multiple memory safety errors, out of bound reads, use-after-frees and other implementation errors may lead to the execution of arbitrary code, information disclosure or denial of s ... oval:org.secpod.oval:def:21034 Multiple security issues have been found in Iceweasel, Debian"s version of the Mozilla Firefox web browser: Multiple memory safety errors and use-after-frees may lead to the execution of arbitrary code or denial of service. oval:org.secpod.oval:def:601047 Multiple vulnerabilities were discovered in the dissectors for GTPv2, ASN.1 BER, PPP CCP, DCP ETSI, MPEG DSM-CC and Websocket, which could result in denial of service or the execution of arbitrary code. The oldstable distribution is not affected. oval:org.secpod.oval:def:601049 Several vulnerabilities were discovered in Subversion, a version control system. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2013-1968 Subversion repositories with the FSFS repository data store format can be corrupted by newline characters in filenames. A ... oval:org.secpod.oval:def:601285 Multiple security issues have been found in Icedove, Debian"s version of the Mozilla Thunderbird mail and news client: Multiple memory safety errors, buffer overflows, missing permission checks, out of bound reads, use-after-frees and other implementation errors may lead to the execution of arbitrar ... oval:org.secpod.oval:def:601042 It was discovered that a malicious client could crash a GNUTLS server and vice versa, by sending TLS records encrypted with a block cipher which contain invalid padding. The oldstable distribution is not affected because the security fix that introduced this vulnerability was not applied to it. oval:org.secpod.oval:def:601286 Several issues have been discovered in the MySQL database server. The vulnerabilities are addressed by upgrading MySQL to the new upstream version 5.5.37 oval:org.secpod.oval:def:601273 Several vulnerabilities have been discovered in OpenJDK, an implementation of the Oracle Java platform, resulting in the execution of arbitrary code, breakouts of the Java sandbox, information disclosure or denial of service. oval:org.secpod.oval:def:601058 Multiple issues were discovered in the TIFF tools, a set of utilities for TIFF image file manipulation and conversion. CVE-2013-1960 Emmanuel Bouillon discovered a heap-based buffer overflow in the tp_process_jpeg_strip function in the tiff2pdf tool. This could potentially lead to a crash or arbitra ... oval:org.secpod.oval:def:601055 Multiple vulnerabilities were discovered in the dissectors for CAPWAP, GMR-1 BCCH, PPP, NBAP, RDP, HTTP, DCP ETSI and in the Ixia IxVeriWave file parser, which could result in denial of service or the execution of arbitrary code. oval:org.secpod.oval:def:602383 lighttpd, a small webserver, is vulnerable to the POODLE attack via the use of SSLv3. This protocol is now disabled by default. oval:org.secpod.oval:def:601082 Multiple vulnerabilities were discovered in the dissectors for DVB-CI, GSM A Common and ASN.1 PER and in the Netmon file parser. oval:org.secpod.oval:def:601079 Yarom and Falkner discovered that RSA secret keys in applications using the libgcrypt11 library, for example GnuPG 2.x, could be leaked via a side channel attack, where a malicious local user could obtain private key information from another user on the system. oval:org.secpod.oval:def:601076 Maxim Shudrak and the HP Zero Day Initiative reported a denial of service vulnerability in BIND, a DNS server. A specially crafted query that includes malformed rdata can cause named daemon to terminate with an assertion failure while rejecting the malformed query. oval:org.secpod.oval:def:601078 Yarom and Falkner discovered that RSA secret keys could be leaked via a side channel attack, where a malicious local user could obtain private key information from another user on the system. This update fixes this issue for the 1.4 series of GnuPG. GnuPG 2.x is affected through its use of the libgc ... oval:org.secpod.oval:def:601091 Pedro Ribeiro and Huzaifa S. Sidhpurwala discovered multiple vulnerabilities in various tools shipped by the tiff library. Processing a malformed file may lead to denial of service or the execution of arbitrary code. oval:org.secpod.oval:def:602187 Alex Rousskov of The Measurement Factory discovered that Squid3, a fully featured web proxy cache, does not correctly handle CONNECT method peer responses when configured with cache_peer and operating on explicit proxy traffic. This could allow remote clients to gain unrestricted access through a ga ... oval:org.secpod.oval:def:21009 Several vulnerabilities were found in PHP, a general-purpose scripting language commonly used for web application development. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2014-3538 It was discovered that the original fix for CVE-2013-7345 did not sufficien ... oval:org.secpod.oval:def:21011 Matthew Daley discovered that Squid3, a fully featured web proxy cache, did not properly perform input validation in request parsing. A remote attacker could use this flaw to mount a denial of service by sending crafted Range requests. oval:org.secpod.oval:def:21010 This update corrects a packaging error for the packages released in DSA-3008-1. The new sessionclean script used in the updated cronjob in /etc/cron.d/php5 was not installed into the php5-common package. No other changes are introduced. For reference, the original advisory text follows. Several vuln ... oval:org.secpod.oval:def:601905 Multiple security issues have been found in file, a tool/library to determine a file type. Processing a malformed file could result in denial of service. Most of the changes are related to parsing ELF files. As part of the fixes, several limits on aspects of the detection were added or tightened, so ... oval:org.secpod.oval:def:601828 Several vulnerabilities were discovered in qemu-kvm, a full virtualization solution on x86 hardware. CVE-2014-3689 The Advanced Threat Research team at Intel Security reported that guest provided parameter were insufficiently validated in rectangle functions in the vmware-vga driver. A privileged gu ... oval:org.secpod.oval:def:601830 Several vulnerabilities were discovered in qemu, a fast processor emulator. CVE-2014-3689 The Advanced Threat Research team at Intel Security reported that guest provided parameter were insufficiently validated in rectangle functions in the vmware-vga driver. A privileged guest user could use this f ... oval:org.secpod.oval:def:601861 It was discovered that BIND, a DNS server, is prone to a denial of service vulnerability. By making use of maliciously-constructed zones or a rogue server, an attacker can exploit an oversight in the code BIND 9 uses to follow delegations in the Domain Name Service, causing BIND to issue unlimited q ... oval:org.secpod.oval:def:601857 Paolo Bonzini of Red Hat discovered that the blit region checks were insufficient in the Cirrus VGA emulator in qemu, a fast processor emulator. A privileged guest user could use this flaw to write into qemu address space on the host, potentially escalating their privileges to those of the qemu host ... oval:org.secpod.oval:def:601858 Paolo Bonzini of Red Hat discovered that the blit region checks were insufficient in the Cirrus VGA emulator in qemu-kvm, a full virtualization solution on x86 hardware. A privileged guest user could use this flaw to write into qemu address space on the host, potentially escalating their privileges ... oval:org.secpod.oval:def:602309 It was discovered that the BIND DNS server does not properly handle the parsing of incoming responses, allowing some records with an incorrect class to be accepted by BIND instead of being rejected as malformed. This can trigger a REQUIRE assertion failure when those records are subsequently cached. ... oval:org.secpod.oval:def:602219 Several vulnerabilities were discovered in qemu, a fast processor emulator. CVE-2015-3214 Matt Tait of Google"s Project Zero security team discovered a flaw in the QEMU i8254 PIT emulation. A privileged guest user in a guest with QEMU PIT emulation enabled could potentially use this flaw to execute ... oval:org.secpod.oval:def:602217 Several vulnerabilities were discovered in qemu-kvm, a full virtualization solution on x86 hardware. CVE-2015-5165 Donghai Zhu discovered that the QEMU model of the RTL8139 network card did not sufficiently validate inputs in the C+ mode offload emulation, allowing a malicious guest to read uninitia ... oval:org.secpod.oval:def:602215 Multiple security issues have been found in Iceweasel, Debian"s version of the Mozilla Firefox web browser. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2015-4497 Jean-Max Reymond and Ucha Gobejishvili discovered a use-after-free vulnerability which occurs ... oval:org.secpod.oval:def:602233 Several vulnerabilities were discovered in qemu-kvm, a full virtualization solution on x86 hardware. CVE-2015-5278 Qinghao Tang of QIHU 360 Inc. discovered an infinite loop issue in the NE2000 NIC emulation. A privileged guest user could use this flaw to mount a denial of service . CVE-2015-5279 Qin ... oval:org.secpod.oval:def:602231 Several vulnerabilities were discovered in qemu, a fast processor emulator. CVE-2015-5278 Qinghao Tang of QIHU 360 Inc. discovered an infinite loop issue in the NE2000 NIC emulation. A privileged guest user could use this flaw to mount a denial of service . CVE-2015-5279 Qinghao Tang of QIHU 360 Inc ... oval:org.secpod.oval:def:602228 Denis Andzakovic discovered that OpenLDAP, a free implementation of the Lightweight Directory Access Protocol, does not properly handle BER data. An unauthenticated remote attacker can use this flaw to cause a denial of service via a specially crafted packet. oval:org.secpod.oval:def:602467 Shayan Sadigh discovered a vulnerability in OpenSSH: If PAM support is enabled and the sshd PAM configuration is configured to read user- specified environment variables and the "UseLogin" option is enabled, a local user may escalate her privileges to root. In Debian "UseLogin" i ... oval:org.secpod.oval:def:602253 Several vulnerabilities have been discovered in gdk-pixbuf, a toolkit for image loading and pixel buffer manipulation. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2015-7673 Gustavo Grieco discovered a heap overflow in the processing of TGA images which may ... oval:org.secpod.oval:def:602246 Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service, unauthorised information disclosure or unauthorised information modification. CVE-2015-2925 Jann Horn discovered that when a subdirectory of a filesystem was bind-mounted into ... oval:org.secpod.oval:def:602265 It was discovered that the code to validate level 2 page table entries is bypassed when certain conditions are satisfied. A malicious PV guest administrator can take advantage of this flaw to gain privileges via a crafted superpage mapping. oval:org.secpod.oval:def:602058 Several vulnerabilities have been discovered in OpenJDK, an implementation of the Oracle Java platform, resulting in the execution of arbitrary code, breakouts of the Java sandbox, information disclosure or denial of service. oval:org.secpod.oval:def:602057 Several vulnerabilities have been discovered in OpenJDK, an implementation of the Oracle Java platform, resulting in the execution of arbitrary code, breakouts of the Java sandbox, information disclosure or denial of service. oval:org.secpod.oval:def:602050 Several issues have been discovered in the MySQL database server. The vulnerabilities are addressed by upgrading MySQL to the new upstream version 5.5.43 oval:org.secpod.oval:def:602046 Aki Helin discovered a buffer overflow in the GStreamer plugin for MP4 playback, which could lead in the execution of arbitrary code. oval:org.secpod.oval:def:602091 Multiple security issues have been found in Iceweasel, Debian"s version of the Mozilla Firefox web browser: Multiple memory safety errors, buffer overflows and use-after-frees may lead to the execution of arbitrary code, privilege escalation or denial of service. oval:org.secpod.oval:def:602088 Several vulnerabilities were discovered in the qemu virtualisation solution: CVE-2014-9718 It was discovered that the IDE controller emulation is susceptible to denial of service. CVE-2015-1779 Daniel P. Berrange discovered a denial of service vulnerability in the VNC web socket decoder. CVE-2015-27 ... oval:org.secpod.oval:def:601930 Several issues have been discovered in the MySQL database server. The vulnerabilities are addressed by upgrading MySQL to the new upstream version 5.5.41 oval:org.secpod.oval:def:601958 Jan-Piet Mens discovered that the BIND DNS server would crash when processing an invalid DNSSEC key rollover, either due to an error on the zone operator"s part, or due to interference with network traffic by an attacker. This issue affects configurations with the directives "dnssec-validation ... oval:org.secpod.oval:def:601983 Multiple security issues have been found in the Xen virtualisation solution: CVE-2015-2044 Information leak via x86 system device emulation. CVE-2015-2045 Information leak in the HYPERVISOR_xen_version hypercall. CVE-2015-2151 Missing input sanitising in the x86 emulator could result in information ... oval:org.secpod.oval:def:602418 Two vulnerabilities have been discovered in ISC"s BIND DNS server. CVE-2016-1285 A maliciously crafted rdnc, a way to remotely administer a BIND server, operation can cause named to crash, resulting in denial of service. CVE-2016-1286 An error parsing DNAME resource records can cause named to crash, ... oval:org.secpod.oval:def:602102 Jason Geffner discovered a buffer overflow in the emulated floppy disk drive, resulting in the potential execution of arbitrary code. This only affects HVM guests. oval:org.secpod.oval:def:602101 Multiple security issues have been found in Icedove, Debian"s version of the Mozilla Thunderbird mail client: Multiple memory safety errors, buffer overflows and use-after-frees may lead to the execution of arbitrary code, privilege escalation or denial of service. oval:org.secpod.oval:def:602341 It was discovered that specific APL RR data could trigger an INSIST failure in apl_42.c and cause the BIND DNS server to exit, leading to a denial-of-service. oval:org.secpod.oval:def:602139 Several vulnerabilities were discovered in qemu-kvm, a full virtualization solution on x86 hardware. CVE-2015-3209 Matt Tait of Google"s Project Zero security team discovered a flaw in the way QEMU"s AMD PCnet Ethernet emulation handles multi-TMD packets with a length above 4096 bytes. A privileged ... oval:org.secpod.oval:def:602138 Multiple security issues have been found in the Xen virtualisation solution: CVE-2015-3209 Matt Tait discovered a flaw in the way QEMU"s AMD PCnet Ethernet emulation handles multi-TMD packets with a length above 4096 bytes. A privileged guest user in a guest with an AMD PCNet ethernet card enabled c ... oval:org.secpod.oval:def:602123 Jason Geffner discovered a buffer overflow in the emulated floppy disk drive, resulting in the potential privilege escalation. oval:org.secpod.oval:def:602362 Several vulnerabilities were discovered in qemu-kvm, a full virtualization solution on x86 hardware. CVE-2015-7295 Jason Wang of Red Hat Inc. discovered that the Virtual Network Device support is vulnerable to denial-of-service , that could occur when receiving large packets. CVE-2015-7504 Qinghao T ... oval:org.secpod.oval:def:602361 Several vulnerabilities were discovered in qemu, a full virtualization solution on x86 hardware. CVE-2015-7295 Jason Wang of Red Hat Inc. discovered that the Virtual Network Device support is vulnerable to denial-of-service , that could occur when receiving large packets. CVE-2015-7504 Qinghao Tang ... oval:org.secpod.oval:def:602140 Several vulnerabilities were discovered in qemu, a fast processor emulator. CVE-2015-3209 Matt Tait of Google"s Project Zero security team discovered a flaw in the way QEMU"s AMD PCnet Ethernet emulation handles multi-TMD packets with a length above 4096 bytes. A privileged guest user in a guest wit ... oval:org.secpod.oval:def:602179 Jonathan Foote discovered that the BIND DNS server does not properly handle TKEY queries. A remote attacker can take advantage of this flaw to mount a denial of service via a specially crafted query triggering an assertion failure and causing BIND to exit. oval:org.secpod.oval:def:602171 Several issues have been discovered in the MySQL database server. The vulnerabilities are addressed by upgrading MySQL to the new upstream version 5.5.44 oval:org.secpod.oval:def:602165 Breno Silveira Soares of Servico Federal de Processamento de Dados discovered that the BIND DNS server is prone to a denial of service vulnerability. A remote attacker who can cause a validating resolver to query a zone containing specifically constructed contents can cause the resolver to terminat ... oval:org.secpod.oval:def:602195 Several vulnerabilities have been discovered in nss, the Mozilla Network Security Service library. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2015-2721 Karthikeyan Bhargavan discovered that NSS incorrectly handles state transitions for the TLS state machi ... oval:org.secpod.oval:def:601907 Multiple vulnerabilities have been discovered in OpenSSL, a Secure Sockets Layer toolkit. The Common Vulnerabilities and Exposures project identifies the following issues: CVE-2014-3569 Frank Schmirler reported that the ssl23_get_client_hello function in OpenSSL does not properly handle attempts to ... oval:org.secpod.oval:def:602469 Multiple security vulnerabilities have been discovered in the Tomcat servlet and JSP engine, which may result in information disclosure, the bypass of CSRF protections and bypass of the SecurityManager. oval:org.secpod.oval:def:602436 Multiple security vulnerabilities have been fixed in the Tomcat servlet and JSP engine, which may result on bypass of security manager restrictions, information disclosure, denial of service or session fixation. oval:org.secpod.oval:def:602335 It was discovered that malicious web applications could use the Expression Language to bypass protections of a Security Manager as expressions were evaluated within a privileged code section. oval:org.secpod.oval:def:601808 Sogeti found a denial of service flaw in libxml2, a library providing support to read, modify and write XML and HTML files. A remote attacker could provide a specially crafted XML file that, when processed by an application using libxml2, would lead to excessive CPU consumption based on excessive e ... oval:org.secpod.oval:def:601829 Symeon Paraschoudis discovered that the curl_easy_duphandle function in cURL, an URL transfer library, has a bug that can lead to libcurl eventually sending off sensitive data that was not intended for sending, while performing a HTTP POST operation. This bug requires CURLOPT_COPYPOSTFIELDS and curl ... oval:org.secpod.oval:def:601853 Several vulnerabilities have been discovered in tcpdump, a command-line network traffic analyzer. These vulnerabilities might result in denial of service, leaking sensitive information from memory or, potentially, execution of arbitrary code. oval:org.secpod.oval:def:602033 The update for libxml2 issued as DSA-3057-1 caused regressions due to an incomplete patch to address CVE-2014-3660. Updated packages are available to address this problem. For reference the original advisory text follows. Sogeti found a denial of service flaw in libxml2, a library providing support ... oval:org.secpod.oval:def:602055 Several vulnerabilities were discovered in cURL, an URL transfer library: CVE-2015-3143 NTLM-authenticated connections could be wrongly reused for requests without any credentials set, leading to HTTP requests being sent over the connection authenticated as a different user. This is similar to the i ... oval:org.secpod.oval:def:601949 Several vulnerabilities have been found in PostgreSQL-9.1, a SQL database system. CVE-2014-8161: Information leak A user with limited clearance on a table might have access to information in columns without SELECT rights on through server error messages. CVE-2015-0241: Out of boundaries read/write T ... oval:org.secpod.oval:def:601952 It was discovered that the update released for libxml2 in DSA 2978 fixing CVE-2014-0191 was incomplete. This caused libxml2 to still fetch external entities regardless of whether entity substitution or validation is enabled. In addition, this update addresses a regression introduced in DSA 3057 by t ... oval:org.secpod.oval:def:601904 Andrey Labunets of Facebook discovered that cURL, an URL transfer library, fails to properly handle URLs with embedded end-of-line characters. An attacker able to make an application using libcurl to access a specially crafted URL via an HTTP proxy could use this flaw to do additional requests in a ... oval:org.secpod.oval:def:602460 Emmanuel Thome discovered that missing sanitising in the oarsh command of OAR, a software used to manage jobs and resources of HPC clusters, could result in privilege escalation. oval:org.secpod.oval:def:602432 Several vulnerabilities were found in SPIP, a website engine for publishing, resulting in code injection. CVE-2016-3153 g0uZ et sambecks, from team root-me, discovered that arbitrary PHP code could be injected when adding content. CVE-2016-3154 Gilles Vincent discovered that deserializing untrusted ... oval:org.secpod.oval:def:602480 Several vulnerabilities were discovered in imlib2, an image manipulation library. CVE-2011-5326 Kevin Ryde discovered that attempting to draw a 2x1 radi ellipse results in a floating point exception. CVE-2014-9771 It was discovered that an integer overflow could lead to invalid memory reads and unre ... oval:org.secpod.oval:def:44752 The daily mandb cleanup job in Man-db before 2.7.6.1-1 as packaged in Ubuntu and Debian allows local users with access to the man account to gain privileges via vectors involving insecure chown use. oval:org.secpod.oval:def:44754 GIT version 2.15.1 and earlier contains a Input Validation Error vulnerability in Client that can result in problems including messing up terminal configuration to RCE. This attack appear to be exploitable via The user must interact with a malicious git server, (or have their traffic modified in a M ... oval:org.secpod.oval:def:44755 In the cron package through 3.0pl1-128 on Debian, the postinst maintainer script allows for group-crontab-to-root privilege escalation via symlink attacks against unsafe usage of the chown and chmod programs. oval:org.secpod.oval:def:602430 Alex Rousskov from The Measurement Factory discovered that Squid3, a fully featured web proxy cache, does not properly handle errors for certain malformed HTTP responses. A remote HTTP server can exploit this flaw to cause a denial of service . oval:org.secpod.oval:def:38097 The host is installed with cryptsetup before 2:1.6.6-5 on Debian 8 or before 2:1.4.3-4 on Debian 7 and is prone to security bypass vulnerability. A flaw is present in scripts, which unlock the system partition when the partition is ciphered using LUKS (Linux Unified Key Setup). Successful exploitati ... oval:org.secpod.oval:def:602466 Several vulnerabilities have been discovered in Samba, a SMB/CIFS file, print, and login server for Unix. The Common Vulnerabilities and Exposures project identifies the following issues: CVE-2015-5370 Jouni Knuutinen from Synopsys discovered flaws in the Samba DCE-RPC code which can lead to denial ... oval:org.secpod.oval:def:34321 ImageMagick allows to get content of the files from the server by using 'label' pseudo protocol. oval:org.secpod.oval:def:34320 ImageMagick allows to move image files to file with any extension in any folder by using 'msl' pseudo protocol. oval:org.secpod.oval:def:34318 ImageMagick allows to make HTTP GET or FTP request. oval:org.secpod.oval:def:34319 ImageMagick allows to delete files by using 'ephemeral' pseudo protocol which deletes files after reading. oval:org.secpod.oval:def:34316 ImageMagick allows to process files with external libraries. This feature is called 'delegate'. It is implemented as a system() with command string ('command') from the config file delegates.xml with actual value for different params (input/output filenames etc). Due to insufficient %M param filteri ... oval:org.secpod.oval:def:44750 tcpdump 4.9.2 has a heap-based buffer over-read related to aoe_print in print-aoe.c and lookup_emem in addrtoname.c. oval:org.secpod.oval:def:601847 Several vulnerabilities have been discovered in libvncserver, a library to implement VNC server functionality. These vulnerabilities might result in the execution of arbitrary code or denial of service in both the client and the server side. oval:org.secpod.oval:def:602202 The security update from DSA-3325-1 caused a regression for the oldstable distribution . In some configurations, apache2 would fail to start with a spurious error message about the certificate chain. This update fixes this problem. For reference, the text of the original advisory follows: Several vu ... oval:org.secpod.oval:def:602182 Several vulnerabilities have been found in the Apache HTTPD server. CVE-2015-3183 An HTTP request smuggling attack was possible due to a bug in parsing of chunked requests. A malicious client could force the server to misinterpret the request length, allowing cache poisoning or credential hijacking ... oval:org.secpod.oval:def:602251 Several issues have been discovered in the MySQL database server. The vulnerabilities are addressed by upgrading MySQL to the new upstream version 5.5.46 oval:org.secpod.oval:def:602353 Several issues have been discovered in the MySQL database server. The vulnerabilities are addressed by upgrading MySQL to the new upstream version 5.5.47 oval:org.secpod.oval:def:602365 Several vulnerabilities have been found in tiff, a Tag Image File Format library. Multiple out-of-bounds read and write flaws could cause an application using the tiff library to crash. oval:org.secpod.oval:def:601148 Several vulnerabilities have been discovered in the chromium web browser. CVE-2013-2931 The chrome 31 development team found various issues from internal fuzzing, audits, and other studies. CVE-2013-6621 Khalil Zhani discovered a use-after-free issue in speech input handling. CVE-2013-6622 cloudfuzz ... oval:org.secpod.oval:def:601284 Several vulnerabilities have been discovered in OpenJDK, an implementation of the Oracle Java platform, resulting in the execution of arbitrary code, breakouts of the Java sandbox, information disclosure or denial of service. oval:org.secpod.oval:def:601859 Josh Duart of the Google Security Team discovered heap-based buffer overflow flaws in JasPer, a library for manipulating JPEG-2000 files, which could lead to denial of service or the execution of arbitrary code. oval:org.secpod.oval:def:601929 An off-by-one flaw, leading to a heap-based buffer overflow , and an unrestricted stack memory use flaw were found in JasPer, a library for manipulating JPEG-2000 files. A specially crafted file could cause an application using JasPer to crash or, possibly, execute arbitrary code. oval:org.secpod.oval:def:602416 Several vulnerabilities were discovered in JasPer, a library for manipulating JPEG-2000 files. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2016-1577 Jacob Baines discovered a double-free flaw in the jas_iccattrval_destroy function. A remote attacker could ... oval:org.secpod.oval:def:601955 Simon McVittie discovered a local denial of service flaw in dbus, an asynchronous inter-process communication system. On systems with systemd-style service activation, dbus-daemon does not prevent forged ActivationFailure messages from non-root processes. A malicious local user could use this flaw t ... oval:org.secpod.oval:def:601865 Simon McVittie discovered that the fix for CVE-2014-3636 was incorrect, as it did not fully address the underlying denial-of-service vector. This update starts the D-Bus daemon as root initially, so that it can properly raise its file descriptor count. In addition, this update reverts the auth_timeo ... oval:org.secpod.oval:def:601777 Alban Crequy and Simon McVittie discovered several vulnerabilities in the D-Bus message daemon. CVE-2014-3635 On 64-bit platforms, file descriptor passing could be abused by local users to cause heap corruption in the dbus-daemon crash, leading to a crash, or potentially to arbitrary code execution. ... oval:org.secpod.oval:def:601700 Several vulnerabilities have been discovered in dbus, an asynchronous inter-process communication system. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2014-3477 Alban Crequy at Collabora Ltd. discovered that dbus-daemon sends an AccessDenied error to the se ... oval:org.secpod.oval:def:601053 Alexandru Cornea discovered a vulnerability in libdbus caused by an implementation bug in _dbus_printf_string_upper_bound. This vulnerability can be exploited by a local user to crash system services that use libdbus, causing denial of service. Depending on the dbus services running, it could lead t ... oval:org.secpod.oval:def:602305 Hector Marco and Ismael Ripoll, from Cybersecurity UPV Research Group, found an integer underflow vulnerability in Grub2, a popular bootloader. A local attacker can bypass the Grub2 authentication by inserting a crafted input as username or password oval:org.secpod.oval:def:602306 The patch applied for gdk-pixbuf to fix CVE-2015-4491 in DSA 3337-1 was incomplete. This update corrects that problem. For reference the original advisory text follows. Gustavo Grieco discovered a heap overflow in the processing of BMP images which may result in the execution of arbitrary code if a ... oval:org.secpod.oval:def:602308 Multiple security issues have been found in Iceweasel, Debian"s version of the Mozilla Firefox web browser: Multiple memory safety errors, integer overflows, use-after-frees and other implementation errors may lead to the execution of arbitrary code, bypass of the same-origin policy or denial of ser ... oval:org.secpod.oval:def:602200 Multiple security issues have been found in Iceweasel, Debian"s version of the Mozilla Firefox web browser: Multiple memory safety errors, integer overflows, buffer overflows, use-after-frees and other implementation errors may lead to the execution of arbitrary code, bypass of the same-origin polic ... oval:org.secpod.oval:def:602257 Several vulnerabilities have been discovered in OpenJDK, an implementation of the Oracle Java platform, resulting in the execution of arbitrary code, breakouts of the Java sandbox, information disclosure, or denial of service. oval:org.secpod.oval:def:602486 Multiple security issues have been found in Iceweasel, Debian"s version of the Mozilla Firefox web browser: Multiple memory safety errors and buffer overflows may lead to the execution of arbitrary code or denial of service. oval:org.secpod.oval:def:602240 Multiple security issues have been found in Iceweasel, Debian"s version of the Mozilla Firefox web browser: Multiple memory safety errors, integer overflows, buffer overflows, use-after-frees and other implementation errors may lead to the execution of arbitrary code, information disclosure or denia ... oval:org.secpod.oval:def:602278 Several vulnerabilities have been discovered in the libpng PNG library. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2015-7981 Qixue Xiao discovered an out-of-bounds read vulnerability in the png_convert_to_rfc1123 function. A remote attacker can potentiall ... oval:org.secpod.oval:def:602279 It was discovered that rebinding a receiver of a direct method handle may allow a protected method to be accessed. oval:org.secpod.oval:def:602269 Multiple security issues have been found in Iceweasel, Debian"s version of the Mozilla Firefox web browser: Multiple memory safety errors, integer overflows, buffer overflows and other implementation errors may lead to the execution of arbitrary code, information disclosure or denial of service. oval:org.secpod.oval:def:602264 Several vulnerabilities were discovered in the Network Time Protocol daemon and utility programs. oval:org.secpod.oval:def:602291 Multiple security issues have been found in Icedove, Debian"s version of the Mozilla Thunderbird mail client: Multiple memory safety errors, integer overflows, buffer overflows and other implementation errors may lead to the execution of arbitrary code or denial of service. oval:org.secpod.oval:def:602286 It was discovered that incorrect memory allocation in the NetScape Portable Runtime library might result in denial of service or the execution of arbitrary code. oval:org.secpod.oval:def:602414 Multiple vulnerabilities have been found in the Graphite font rendering engine which might result in denial of service or the execution of arbitrary code if a malformed font file is processed. oval:org.secpod.oval:def:602413 Multiple security issues have been found in Iceweasel, Debian"s version of the Mozilla Firefox web browser: Multiple memory safety errors, buffer overflows, use-after-frees and other implementation errors may lead to the execution of arbitrary code, denial of service, address bar spoofing and overwr ... oval:org.secpod.oval:def:602431 Multiple security issues have been found in Icedove, Debian"s version of the Mozilla Thunderbird mail client: Multiple memory safety errors, integer overflows, buffer overflows and other implementation errors may lead to the execution of arbitrary code or denial of service. oval:org.secpod.oval:def:602337 The Qualys Security team discovered two vulnerabilities in the roaming code of the OpenSSH client . SSH roaming enables a client, in case an SSH connection breaks unexpectedly, to resume it at a later time, provided the server also supports it. The OpenSSH server doesn"t support roaming, but the Ope ... oval:org.secpod.oval:def:602338 Several vulnerabilities have been discovered in the libpng PNG library. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2015-8472 It was discovered that the original fix for CVE-2015-8126 was incomplete and did not detect a potential overrun by applications us ... oval:org.secpod.oval:def:602334 Karthikeyan Bhargavan and Gaetan Leurent at INRIA discovered a flaw in the TLS 1.2 protocol which could allow the MD5 hash function to be used for signing ServerKeyExchange and Client Authentication packets during a TLS handshake. A man-in-the-middle attacker could exploit this flaw to conduct colli ... oval:org.secpod.oval:def:602330 Karthikeyan Bhargavan and Gaetan Leurent at INRIA discovered a flaw in the TLS 1.2 protocol which could allow the MD5 hash function to be used for signing ServerKeyExchange and Client Authentication packets during a TLS handshake. A man-in-the-middle attacker could exploit this flaw to conduct colli ... oval:org.secpod.oval:def:602322 Multiple security issues have been found in Icedove, Debian"s version of the Mozilla Thunderbird mail client: Multiple memory safety errors, integer overflows, buffer overflows and other implementation errors may lead to the execution of arbitrary code or denial of service. oval:org.secpod.oval:def:602349 Several vulnerabilities have been discovered in OpenJDK, an implementation of the Oracle Java platform, resulting in breakouts of the Java sandbox, information disclosur, denial of service and insecure cryptography. oval:org.secpod.oval:def:602347 Multiple security issues have been found in Iceweasel, Debian"s version of the Mozilla Firefox web browser: Multiple memory safety errors and a buffer overflow may lead to the execution of arbitrary code. In addition the bundled NSS crypto library addresses the SLOTH attack on TLS 1.2. oval:org.secpod.oval:def:602375 Multiple vulnerabilities have been found in the Graphite font rendering engine which might result in denial of service or the execution of arbitrary code if a malformed font file is processed. oval:org.secpod.oval:def:602372 Holger Fuhrmannek discovered that missing input sanitising in the Graphite font rendering engine could result in the execution of arbitrary code. oval:org.secpod.oval:def:602360 Several vulnerabilities have been discovered in OpenJDK, an implementation of the Oracle Java platform, resulting in breakouts of the Java sandbox, information disclosur, denial of service and insecure cryptography. oval:org.secpod.oval:def:602389 Multiple security issues have been found in Icedove, Debian"s version of the Mozilla Thunderbird mail client: Multiple memory safety errors, integer overflows, buffer overflows and other implementation errors may lead to the execution of arbitrary code or denial of service. oval:org.secpod.oval:def:602193 Gustavo Grieco discovered a heap overflow in the processing of BMP images which may result in the execution of arbitrary code if a malformed image is opened. oval:org.secpod.oval:def:45698 An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load and Store instructions (a commonly used performance optimization). It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the ... oval:org.secpod.oval:def:602056 The Google security team and the smart hardware research group of Alibaba security team discovered a flaw in how wpa_supplicant used SSID information when creating or updating P2P peer entries. A remote attacker can use this flaw to cause wpa_supplicant to crash, expose memory contents, and potentia ... oval:org.secpod.oval:def:601085 Several vulnerabilities have been discovered in Swift, the Openstack object storage. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2013-2161 Alex Gaynor from Rackspace reported a vulnerability in XML handling within Swift account servers. Account strings wer ... oval:org.secpod.oval:def:602207 Several vulnerabilities have been discovered in OpenJDK, an implementation of the Oracle Java platform, resulting in the execution of arbitrary code, breakouts of the Java sandbox, information disclosure, denial of service or insecure cryptography. oval:org.secpod.oval:def:602137 Multiple vulnerabilities were discovered in OpenSSL, a Secure Sockets Layer toolkit. CVE-2014-8176 Praveen Kariyanahalli, Ivan Fratric and Felix Groebert discovered that an invalid memory free could be triggered when buffering DTLS data. This could allow remote attackers to cause a denial of service ... oval:org.secpod.oval:def:602173 Several vulnerabilities have been discovered in OpenJDK, an implementation of the Oracle Java platform, resulting in the execution of arbitrary code, breakouts of the Java sandbox, information disclosure, denial of service or insecure cryptography. oval:org.secpod.oval:def:602160 Multiple security issues have been found in Iceweasel, Debian"s version of the Mozilla Firefox web browser: Multiple memory safety errors, use-after-frees and other implementation errors may lead to the execution of arbitrary code or denial of service. This update also addresses a vulnerability in D ... oval:org.secpod.oval:def:602185 Multiple security issues have been found in Icedove, Debian"s version of the Mozilla Thunderbird mail client: multiple memory safety errors, use-after-frees and other implementation errors may lead to the execution of arbitrary code or denial of service. This update also addresses a vulnerability in ... oval:org.secpod.oval:def:45290 When using a VirtualDirContext with Apache Tomcat 7.0.0 to 7.0.80 it was possible to bypass security constraints and or view the source code of JSPs for resources served by the VirtualDirContext using a specially crafted request. oval:org.secpod.oval:def:43398 An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of instructions (a commonly used performance optimization). There are three primary variants of the issue which differ in the way the speculative execution can be exploited. Variant ... oval:org.secpod.oval:def:602320 Several vulnerabilities were discovered in libxml2, a library providing support to read, modify and write XML and HTML files. A remote attacker could provide a specially crafted XML or HTML file that, when processed by an application using libxml2, would cause that application to use an excessive am ... oval:org.secpod.oval:def:602398 Several vulnerabilities were discovered in OpenSSL, a Secure Socket Layer toolkit. CVE-2016-0702 Yuval Yarom from the University of Adelaide and NICTA, Daniel Genkin from Technion and Tel Aviv University, and Nadia Heninger from the University of Pennsylvania discovered a side-channel attack which m ... oval:org.secpod.oval:def:602209 It was discovered that in certain configurations, if the relevant conntrack kernel module is not loaded, conntrackd will crash when handling DCCP, SCTP or ICMPv6 packets. oval:org.secpod.oval:def:602236 Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation or denial of service. CVE-2015-0272 It was discovered that NetworkManager would set IPv6 MTUs based on the values received in IPv6 RAs , without sufficiently validating these values. A remote att ... oval:org.secpod.oval:def:602276 Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service. CVE-2015-5307 Ben Serebrin from Google discovered a guest to host denial of service flaw affecting the KVM hypervisor. A malicious guest can trigger an infinite stream of "alignment check" ... oval:org.secpod.oval:def:602150 Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service, information leaks or data corruption. CVE-2015-1805 Red Hat discovered that the pipe iovec read and write implementations may iterate over the iovec twice but will modify the ... oval:org.secpod.oval:def:602213 Multiple vulnerabilities have been discovered in the PHP language: CVE-2015-4598 thoger at redhat dot com discovered that paths containing a NUL character were improperly handled, thus allowing an attacker to manipulate unexpected files on the server. CVE-2015-4643 Max Spelsberg discovered an intege ... oval:org.secpod.oval:def:602229 Several vulnerabilities were found in PHP, a general-purpose scripting language commonly used for web application development. The vulnerabilities are addressed by upgrading PHP to new upstream versions , which include additional bug fixes. Please refer to the upstream changelog for more information ... oval:org.secpod.oval:def:601168 Several vulnerabilities were found in PHP, a general-purpose scripting language commonly used for web application development. The Common Vulnerabilities and Exposures project identifies the following issues: CVE-2013-6420 Stefan Esser reported possible memory corruption in openssl_x509_parse. CVE-2 ... oval:org.secpod.oval:def:602015 The previous update for php5, DSA-3198-1, introduced a regression causing segmentation faults when using SoapClient::__setSoapHeader. Updated packages are now available to address this regression. For reference, the original advisory text follows. Multiple vulnerabilities have been discovered in the ... oval:org.secpod.oval:def:602010 The openssl update issued as DSA 3197-1 caused regressions. This update reverts the defective patch applied in that update causing these problems. Additionally a follow-up fix for CVE-2015-0209 is applied. For reference the original advisory text follows. Multiple vulnerabilities have been discovere ... oval:org.secpod.oval:def:602007 Multiple vulnerabilities have been discovered in the PHP language: CVE-2015-2305 Guido Vranken discovered a heap overflow in the ereg extension . CVE-2014-9705 Buffer overflow in the enchant extension. CVE-2015-0231 Stefan Esser discovered a use-after-free in the unserialisation of objects. CVE-2015 ... oval:org.secpod.oval:def:602003 Multiple vulnerabilities have been discovered in OpenSSL, a Secure Sockets Layer toolkit. The Common Vulnerabilities and Exposures project identifies the following issues: CVE-2015-0286 Stephen Henson discovered that the ASN1_TYPE_cmp function can be crashed, resulting in denial of service. CVE-2015 ... oval:org.secpod.oval:def:602002 Hanno Boeck discovered that file"s ELF parser is suspectible to denial of service. oval:org.secpod.oval:def:602036 Multiple vulnerabilities were discovered in ntp, an implementation of the Network Time Protocol: CVE-2015-1798 When configured to use a symmetric key with an NTP peer, ntpd would accept packets without MAC as if they had a valid MAC. This could allow a remote attacker to bypass the packet authentica ... oval:org.secpod.oval:def:602029 Multiple vulnerabilities were discovered in libgd2, a graphics library: CVE-2014-2497 The gdImageCreateFromXpm function would try to dereference a NULL pointer when reading an XPM file with a special color table. This could allow remote attackers to cause a denial of service via crafted XPM files. ... oval:org.secpod.oval:def:602071 It was discovered that the Ruby OpenSSL extension, part of the interpreter for the Ruby language, did not properly implement hostname matching, in violation of RFC 6125. This could allow remote attackers to perform a man-in-the-middle attack via crafted SSL certificates. oval:org.secpod.oval:def:602067 It was discovered that the Ruby OpenSSL extension, part of the interpreter for the Ruby language, did not properly implement hostname matching, in violation of RFC 6125. This could allow remote attackers to perform a man-in-the-middle attack via crafted SSL certificates. oval:org.secpod.oval:def:601947 A flaw was found in the test_compr_eb function allowing out-of-bounds read and write access to memory locations. By carefully crafting a corrupt ZIP archive an attacker can trigger a heap overflow, resulting in application crash or possibly having other unspecified impact. oval:org.secpod.oval:def:601934 Several vulnerabilities have been fixed in eglibc, Debian"s version of the GNU C library: CVE-2015-0235 Qualys discovered that the gethostbyname and gethostbyname2 functions were subject to a buffer overflow if provided with a crafted IP address argument. This could be used by an attacker to execute ... oval:org.secpod.oval:def:601950 Multiple vulnerabilities were discovered in the interpreter for the Ruby language: CVE-2014-4975 The encodes function in pack.c had an off-by-one error that could lead to a stack-based buffer overflow. This could allow remote attackers to cause a denial of service or arbitrary code execution. CVE-2 ... oval:org.secpod.oval:def:601956 It was discovered that the REXML parser, part of the interpreter for the Ruby language, could be coerced into allocating large string objects that could consume all available memory on the system. This could allow remote attackers to cause a denial of service . oval:org.secpod.oval:def:601998 Multiple vulnerabilities have been discovered in the PHP language: CVE-2015-2301 Use-after-free in the phar extension. CVE-2015-2331 Emmanuel Law discovered an integer overflow in the processing of ZIP archives, resulting in denial of service or potentially the execution of arbitrary code. oval:org.secpod.oval:def:601787 Tavis Ormandy discovered that the patch applied to fix CVE-2014-6271 released in DSA-3032-1 for bash, the GNU Bourne-Again Shell, was incomplete and could still allow some characters to be injected into another environment . With this update prefix and suffix for environment variable names which con ... oval:org.secpod.oval:def:21035 Boris "pi" Piwinger and Tavis Ormandy reported a heap overflow vulnerability in procmail"s formail utility when processing specially-crafted email headers. A remote attacker could use this flaw to cause formail to crash, resulting in a denial of service or data loss, or possibly execute arbitrary co ... oval:org.secpod.oval:def:602132 Multiple vulnerabilities have been discovered in PHP: CVE-2015-4025 / CVE-2015-4026 Multiple function didn"t check for NULL bytes in path names. CVE-2015-4024 Denial of service when processing multipart/form-data requests. CVE-2015-4022 Integer overflow in the ftp_genlist function may result in deni ... oval:org.secpod.oval:def:602170 Fernando Muñoz discovered that invalid HTML input passed to tidy, an HTML syntax checker and reformatter, could trigger a buffer overflow. This could allow remote attackers to cause a denial of service or potentially execute arbitrary code. Geoff McLane also discovered that a similar iss ... oval:org.secpod.oval:def:602188 Several vulnerabilities were discovered in the International Components for Unicode library. CVE-2014-8146 The Unicode Bidirectional Algorithm implementation does not properly track directionally isolated pieces of text, which allows remote attackers to cause a denial of service or possibly execut ... oval:org.secpod.oval:def:601806 Several vulnerabilities were discovered in libtasn1-3, a library that manages ASN1 structures. An attacker could use those to cause a denial-of-service via out-of-bounds access or NULL pointer dereference. oval:org.secpod.oval:def:601223 Nikos Mavrogiannopoulos of Red Hat discovered an X.509 certificate verification issue in GnuTLS, an SSL/TLS library. A certificate validation could be reported sucessfully even in cases were an error would prevent all verification steps to be performed. An attacker doing a man-in-the-middle of a TLS ... oval:org.secpod.oval:def:601221 Suman Jana reported that GnuTLS, deviating from the documented behavior, considers a version 1 intermediate certificate as a CA certificate by default. The oldstable distribution is not affected by this problem as X.509 version 1 trusted CA certificates are not allowed by default. oval:org.secpod.oval:def:602074 Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks. CVE-2014-8159 It was found that the Linux kernel"s InfiniBand/RDMA subsystem did not properly sanitize input parameters while registering memory regions f ... oval:org.secpod.oval:def:601835 In nss, a set of libraries designed to support cross-platform development of security-enabled client and server applications, Tyson Smith and Jesse Schwartzentruber discovered a use-after-free vulnerability that allows remote attackers to execute arbitrary code by triggering the improper removal of ... oval:org.secpod.oval:def:601211 Multiple security issues have been found in Iceweasel, Debian"s version of the Mozilla Firefox web browser: Multiple memory safety errors, use-after-frees, too-verbose error messages and missing permission checks may lead to the execution of arbitrary code, the bypass of security checks or informati ... oval:org.secpod.oval:def:601723 Multiple security issues have been found in Iceweasel, Debian"s version of the Mozilla Firefox web browser: Multiple memory safety errors and use-after-frees may lead to the execution of arbitrary code or denial of service. oval:org.secpod.oval:def:601741 Multiple security issues have been found in Icedove, Debian"s version of the Mozilla Thunderbird mail and news client: Multiple memory safety errors and use-after-frees may lead to the execution of arbitrary code or denial of service. oval:org.secpod.oval:def:601739 Several vulnerabilities have been discovered in nss, the Mozilla Network Security Service library: CVE-2013-1741 Runaway memset in certificate parsing on 64-bit computers leading to a crash by attempting to write 4Gb of nulls. CVE-2013-5606 Certificate validation with the verifylog mode did not retu ... oval:org.secpod.oval:def:601725 Several security issues were found in the Apache HTTP server. CVE-2014-0118 The DEFLATE input filter in mod_deflate allows remote attackers to cause a denial of service via crafted request data that decompresses to a much larger size. CVE-2014-0226 A race condition was found in mod_status. An atta ... oval:org.secpod.oval:def:602142 Michal Zalewski discovered that SQLite3, an implementation of an SQL database engine, did not properly handle precision and width values during floating-point conversions, leading to an integer overflow and a stack-based buffer overflow. This could allow remote attackers to cause a denial of service ... oval:org.secpod.oval:def:602176 Multiple integer overflows have been discovered in Expat, an XML parsing C library, which may result in denial of service or the execution of arbitrary code if a malformed XML file is processed. oval:org.secpod.oval:def:601090 It was discovered that PHP, a general-purpose scripting language commonly used for web application development, did not properly process embedded NUL characters in the subjectAltName extension of X.509 certificates. Depending on the application and with insufficient CA-level checks, this could be ab ... oval:org.secpod.oval:def:602094 Pound, a HTTP reverse proxy and load balancer, had several issues related to vulnerabilities in the Secure Sockets Layer protocol. For Debian 7 this update adds a missing part to make it actually possible to disable client-initiated renegotiation and disables it by default . TLS compression is dis ... oval:org.secpod.oval:def:601015 Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service, information leak or privilege escalation. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2013-0160 vladz reported a timing leak with the /dev/ptmx character ... oval:org.secpod.oval:def:602623 Tuomas Räsänen discovered two vulnerabilities in unADF, a tool to extract files from an Amiga Disk File dump : CVE-2016-1243 A stack buffer overflow in the function extractTree might allow an attacker, with control on the content of a ADF file, to execute arbitrary code with th ... oval:org.secpod.oval:def:601913 Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or information leaks. CVE-2013-6885 It was discovered that under specific circumstances, a combination of write operations to write-combined memory and locked CPU instructions may cause a core hang ... oval:org.secpod.oval:def:601862 Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or privilege escalation: CVE-2014-7841 Liu Wei of Red Hat discovered that a SCTP server doing ASCONF will panic on malformed INIT chunks by triggering a NULL pointer dereference. CVE-2014-8369 A fla ... oval:org.secpod.oval:def:43396 An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of instructions (a commonly used performance optimization). There are three primary variants of the issue which differ in the way the speculative execution can be exploited. Variant ... oval:org.secpod.oval:def:601968 Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service, information leaks or privilege escalation. CVE-2013-7421 / CVE-2014-9644 It was discovered that the Crypto API allowed unprivileged users to load arbitrary kernel modules. A local user can use this ... oval:org.secpod.oval:def:602114 William Robinet and Michal Zalewski discovered multiple vulnerabilities in the TIFF library and its tools, which may result in denial of service or the execution of arbitrary code if a malformed TIFF file is processed. oval:org.secpod.oval:def:43397 An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of instructions (a commonly used performance optimization). There are three primary variants of the issue which differ in the way the speculative execution can be exploited. Variant ... oval:org.secpod.oval:def:45697 An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load and Store instructions (a commonly used performance optimization). It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the ... oval:org.secpod.oval:def:601227 Multiple security issues were discovered in Python: CVE-2013-4238 Ryan Sleevi that NULL charactors in the subject alternate names of SSL cerficates were parsed incorrectly. CVE-2014-1912 Ryan Smith-Roberts discovered a buffer overflow in the socket.recvfrom_into function. oval:org.secpod.oval:def:601163 Several vulnerabilities have been discovered in the chromium web browser. CVE-2013-6634 Andrey Labunets discovered that the wrong URL was used during validation in the one-click sign on helper. CVE-2013-6635 cloudfuzzer discovered use-after-free issues in the InsertHTML and Indent DOM editing comman ... oval:org.secpod.oval:def:602296 Multiple vulnerabilities have been discovered in OpenSSL, a Secure Sockets Layer toolkit. The Common Vulnerabilities and Exposures project identifies the following issues: CVE-2015-3194 Loic Jonas Etienne of Qnective AG discovered that the signature verification routines will crash with a NULL point ... oval:org.secpod.oval:def:601238 Several vulnerabilities have been discovered in the chromium web browser. CVE-2013-6653 Khalil Zhani discovered a use-after-free issue in chromium"s web contents color chooser. CVE-2013-6654 TheShow3511 discovered an issue in SVG handling. CVE-2013-6655 cloudfuzzer discovered a use-after-free issue ... oval:org.secpod.oval:def:601081 Several vulnerabilities have been discovered in the Chromium web browser. CVE-2013-2881 Karthik Bhargavan discovered a way to bypass the Same Origin Policy in frame handling. CVE-2013-2882 Cloudfuzzer discovered a type confusion issue in the V8 javascript library. CVE-2013-2883 Cloudfuzzer discovere ... oval:org.secpod.oval:def:602315 Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service, information leak or data loss. CVE-2013-7446 Dmitry Vyukov discovered that a particular sequence of valid operations on local sockets can result in a use-after-free. This may ... oval:org.secpod.oval:def:602479 Hans Jerry Illikainen discovered that libgd2, a library for programmatic graphics creation and manipulation, suffers of a signedness vulnerability which may result in a heap overflow when processing specially crafted compressed gd2 data. A remote attacker can take advantage of this flaw to cause an ... oval:org.secpod.oval:def:602255 Two vulnerabilities were found in PHP, a general-purpose scripting language commonly used for web application development. CVE-2015-7803 The phar extension could crash with a NULL pointer dereference when processing tar archives containing links referring to non-existing files. This could lead to a ... oval:org.secpod.oval:def:602403 The update for linux issued as DSA-3426-1 and DSA-3434-1 to address CVE-2015-8543 uncovered a bug in ctdb, a clustered database to store temporary data, leading to broken clusters. Updated packages are now available to address this problem. oval:org.secpod.oval:def:602404 Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service, information leak or data loss. CVE-2013-4312 Tetsuo Handa discovered that users can use pipes queued on local sockets to allocate an unfair share of kernel memory, leading to ... oval:org.secpod.oval:def:602324 Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leak. CVE-2015-7513 It was discovered that a local user permitted to use the x86 KVM subsystem could configure the PIT emulation to cause a denial of service . C ... oval:org.secpod.oval:def:602192 Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leak. CVE-2015-1333 Colin Ian King discovered a flaw in the add_key function of the Linux kernel"s keyring subsystem. A local user can exploit this flaw to cause ... oval:org.secpod.oval:def:601821 Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service: CVE-2014-3610 Lars Bull of Google and Nadav Amit reported a flaw in how KVM handles noncanonical writes to certain MSR registers. A privileged guest user can exploit this flaw to cause a denial of ... oval:org.secpod.oval:def:601705 Andy Lutomirski discovered that the ptrace syscall was not verifying the RIP register to be valid in the ptrace API on x86_64 processors. An unprivileged user could use this flaw to crash the kernel or for privilege escalation. oval:org.secpod.oval:def:601724 Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or privilege escalation: CVE-2014-3534 Martin Schwidefsky of IBM discovered that the ptrace subsystem does not properly sanitize the psw mask value. On s390 systems, an unprivileged local user could ... oval:org.secpod.oval:def:601093 Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service, information leak or privilege escalation. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2013-1059 Chanam Park reported an issue in the Ceph distributed sto ... oval:org.secpod.oval:def:601153 Jonathan Dolle reported a design error in HTTP::Body, a Perl module for processing data from HTTP POST requests. The HTTP body multipart parser creates temporary files which preserve the suffix of the uploaded file. An attacker able to upload files to a service that uses HTTP::Body::Multipart could ... |
