Debian LTS Linux Distribution - Page 135
Find the information you need for your favorite open source distribution.
The dictionary provided by this package had an unnecessary unversioned conflict against the thunderbird package which recently got reintroduced into Wheezy.
Multiple security issues have been found in the Mozilla Thunderbird mail client: Multiple memory safety errors, buffer overflows and other implementation errors may lead to the execution of arbitrary code or spoofing.
Two security vulnerabilities were discovered in imagemagick that allow remote attackers to cause a denial of service (application crash and infinite loop) or possibly other unspecified impact via a crafted image.
CVE-2017-6448 The dalvik_disassemble function in libr/asm/p/asm_dalvik.c in radare2 1.2.1 allows remote attackers to cause a denial of service (stack-based buffer overflow and application crash) or
The Freetype 2 font engine was vulnerable to an out-of-bounds write caused by a heap-based buffer overflow in the cff_parser_run function in cff/cffparse.c.
Tobias Stoeckmann discovered it was possible to trigger an out-of-boundary heap write with the image viewer feh while receiving an IPC message.
CVE-2016-10324 In libosip2 in GNU oSIP 4.1.0, a malformed SIP message can lead to a heap buffer overflow in the osip_clrncpy() function defined in
CVE-2017-6503 WebUI in qBittorrent before 3.3.11 did not escape many values, which could potentially lead to XSS.
The dictionaries provided by this package had an unversioned conflict against the thunderbird package (which so far was not part of wheezy). Since the next update of Icedove introduces a thunderbird package the
Jann Horn of Google discovered a time-of-check, time-of-use race condition in Samba, a SMB/CIFS file, print, and login server for Unix. A malicious client can take advantage of this flaw by exploiting a symlink race to access areas of the server file system not exported under a
An information disclosure vulnerability was discovered in Bouncy Castle, a Java library which consists of various cryptographic algorithms. The Galois/Counter mode (GCM) implementation was missing a boundary check that could enable a local application to gain access to
It was discovered that there was an integer overflow in libnl3, a library for dealing with netlink sockets. A missing check in nlmsg_reserve() could have allowed a malicious application
It was discovered that there was a FIXME in libnl, a FIXME... For Debian 7 "Wheezy", this issue has been fixed in libnl version 1.1-7+deb7u1.
It was discovered that there were multiple heap-based buffer overflows in ming, a library to generate SWF (Flash) files. The updated packages prevent a crash in the "listswf" utility due to a
It was discovered that potrace, a utility to transform bitmaps into vector graphics, was affected by an integer overflow in the findnext function, allowing remote attackers to cause a denial of service (invalid memory access and crash) via a crafted BMP image.
It was discovered that logback, a flexible logging library for Java, would deserialize data from untrusted sockets which may lead to the execution of arbitrary code. This issue has been resolved by adding a whitelist to use only trusted classes.
This update includes the changes in tzdata 2017b for the Perl bindings. For the list of changes, see DLA-886-1. For Debian 7 "Wheezy", these problems have been fixed in version
This update includes the changes in tzdata 2017b. Notable changes are: - Haiti resumed observance of DST in 2017.