|Paid content will be excluded from the download.
| Matches : 3073
|It was discovered discovered that SSL connections with client certificates stopped working after the DSA-2795-1 update of lighttpd. An upstream patch has now been applied that provides an appropriate identifier for client certificate verification.
Bryan Quigley discovered an integer underflow in the Xorg X server which could lead to denial of service or the execution of arbitrary code.
Christian Mainka and Vladislav Mladenov reported a vulnerability in the OpenID module of Drupal, a fully-featured content management framework. A malicious user could exploit this flaw to log in as other users on the site, including administrators, and hijack their accounts. These fixes require extra updates to the database which can be done from the administration pages.
Several security issues have been corrected in multiple demuxers and decoders of the libav multimedia library. The IDs mentioned above are just a portion of the security issues fixed in this update
Several vulnerabilities have been found in file, a file type classification tool. Aaron Reffett reported a flaw in the way the file utility determined the type of Portable Executable format files, the executable format used on Windows. When processing a defective or intentionally prepared PE executable which contains invalid offset information, the file_strncmp routine will access memory that is ...
Bastian Blank reported a denial of service vulnerability in Email::Address, a Perl module for RFC 2822 address parsing and creation. Email::Address::parse used significant time on parsing empty quoted strings. A remote attacker able to supply specifically crafted input to an application using Email::Address for parsing, could use this flaw to mount a denial of service attack against the applicatio ...
Guillem Jover discovered that the changelog retrieval functionality in apt-get used temporary files in an insecure way, allowing a local user to cause arbitrary files to be overwritten. This vulnerability is neutralized by the fs.protected_symlinks setting in the Linux kernel, which is enabled by default in Debian 7 Wheezy and up.
Several vulnerabilities were discovered in qemu-kvm, a full virtualization solution on x86 hardware: * Various security issues have been found in the block qemu drivers. Malformed disk images might result in the execution of arbitrary code. * A NULL pointer dereference in SLIRP may result in denial of service * An information leak was discovered in the VGA emulation
Multiple security issues have been found in Iceweasel, Debian"s version of the Mozilla Firefox web browser: Multiple memory safety errors, buffer overflows, use-after-frees and other implementation errors may lead to the execution of arbitrary code, denial of service, the bypass of the same-origin policy or a loss of privacy. This update updates Iceweasel to the ESR31 series of Firefox. The new re ...
Multiple security issues have been found in binutils, a toolbox for binary file manipulation. These vulnerabilities include multiple memory safety errors, buffer overflows, use-after-frees and other implementation errors may lead to the execution of arbitrary code, the bypass of security restrictions, path traversal attack or denial of service.
Pages:      Start    280    281    282    283    284    285    286    287    288    289    290    291    292    293    ..   307
© 2013 SecPod Technologies