
Marc Deslauriers discovered that curl, a file retrieval tool, would mistakenly skip verifying the CN and SAN name fields when digital signature verification was disabled in the libcurl GnuTLS backend. The default configuration for the curl package is not affected by this issue since the digital signature verification is enabled by default. The oldstable distribution is not affected by this proble ...

Multiple vulnerabilities have been identified in OpenSSL, a Secure Sockets Layer toolkit, that may result in denial of service, information leak, protocol downgrade. Additionally, a buffer overrun affecting only applications explicitly set up for SRP has been fixed. Detailed descriptions of the vulnerabilities can be found at: https://www.openssl.org/news/secadv_20140806.txt It's important that ...

It was discovered that APT, the high level package manager, does not properly invalidate unauthenticated data, performs incorrect verification of 304 replies, does not perform the checksum check when the Acquire::GzipIndexes option is used and does not properly perform validation for binary packages downloaded by the apt-get download command.

Two vulnerabilities have been discovered in dokuwiki. Access control in the media manager was insufficiently restricted and authentication could be bypassed when using Active Directory for LDAP authentication.

This update reverts the fix, so people are advised to keep kernel symlink protection enabled as it is by default on Wheezy, which is enough to prevent successful exploitation.

It was discovered that a memory leak in parsing X.509 certificates may result in denial of service.

Jann Horn discovered that the source package integrity verification in dpkg-source can be bypassed via a specially crafted Debian source control file. Note that this flaw only affects extraction of local Debian source packages via dpkg-source but not the installation of packages from the Debian archive.

Toshifumi Sakaguchi discovered that the patch applied to pdns-recursor, a recursive DNS server, fixing CVE-2015-1868, was insufficient in some cases, allowing remote attackers to cause a denial of service.

Tomek Rabczak from the NCC Group discovered a flaw in the normalize_params method in Rack, a modular Ruby webserver interface. A remote attacker can use this flaw via specially crafted requests to cause a `SystemStackError` and potentially cause a denial of service condition for the service.

James Kettle, Alain Tiemblo, Christophe Coevoet and Fabien Potencier discovered that twig, a templating engine for PHP, did not correctly process its input. End users allowed to submit twig templates could use specially crafted code to trigger remote code execution, even in sandboxed templates.


© SecPod Technologies