Debian LTS Essential and Critical Security Patch Updates - Page 139
Find the information you need for your favorite open source distribution .
Find the information you need for your favorite open source distribution .
CVE-2017-7228 (XSA-212) An insufficient check on XENMEM_exchange may allow PV guests to access all of system memory.
Multiple security issues have been found in the Mozilla Firefox web browser: Multiple memory safety errors, use-after-frees, buffer overflows and other implementation errors may lead to the execution of arbitrary code, information disclosure or denial of service.
ghostscript is vulnerable to multiple issues that can lead to denial of service when processing untrusted content. CVE-2016-10219
The dictionary provided by this package had an unnecessary unversioned conflict against the thunderbird package which recently got reintroduced into Wheezy.
The dictionary provided by this package had an unnecessary unversioned conflict against the thunderbird package which recently got reintroduced into Wheezy.
Multiple security issues have been found in the Mozilla Thunderbird mail client: Multiple memory safety errors, buffer overflows and other implementation errors may lead to the execution of arbitrary code or spoofing.
Two security vulnerabilities were discovered in imagemagick that allow remote attackers to cause a denial of service (application crash and infinite loop) or possibly other unspecified impact via a crafted image.
CVE-2017-6448 The dalvik_disassemble function in libr/asm/p/asm_dalvik.c in radare2 1.2.1 allows remote attackers to cause a denial of service (stack-based buffer overflow and application crash) or
The Freetype 2 font engine was vulnerable to an out-of-bounds write caused by a heap-based buffer overflow in the cff_parser_run function in cff/cffparse.c.
Tobias Stoeckmann discovered it was possible to trigger an out-of-boundary heap write with the image viewer feh while receiving an IPC message.
CVE-2016-10324 In libosip2 in GNU oSIP 4.1.0, a malformed SIP message can lead to a heap buffer overflow in the osip_clrncpy() function defined in
CVE-2017-6503 WebUI in qBittorrent before 3.3.11 did not escape many values, which could potentially lead to XSS.
The dictionaries provided by this package had an unversioned conflict against the thunderbird package (which so far was not part of wheezy). Since the next update of Icedove introduces a thunderbird package the
Jann Horn of Google discovered a time-of-check, time-of-use race condition in Samba, a SMB/CIFS file, print, and login server for Unix. A malicious client can take advantage of this flaw by exploting a symlink race to access areas of the server file system not exported under a
An information disclosure vulnerability was discovered in Bouncy Castle, a Java library which consists of various cryptographic algorithms. The Galois/Counter mode (GCM) implementation was missing a boundary check that could enable a local application to gain access to
It was discovered that there was an integer overflow in libnl3, a library for dealing with netlink sockets. A missing check in nlmsg_reserve() could have allowed a malicious application
It was discovered that there was a FIXME in libnl, a FIXME... For Debian 7 "Wheezy", this issue has been fixed in libnl version 1.1-7+deb7u1.
It was discovered that there were multiple heap-based buffer overflows in ming, a library to generate SWF (Flash) files. The updated packages prevent a crash in the "listswf" utility due to a
It was discovered that potrace, an utility to transform bitmaps into vector graphics, was affected by an integer overflow in the findnext function, allowing remote attackers to cause a denial of service (invalid memory access and crash) via a crafted BMP image.
It was discovered that logback, a flexible logging library for Java, would deserialize data from untrusted sockets which may lead to the execution of arbitrary code. This issue has been resolved by adding a whitelist to use only trusted classes.