This post is about manipulating and obtaining documents printed by other users, which can be accomplished by infecting the printer with PostScript malware.
Monthly Archives: January 2017
DSA-3778 ruby-archive-tar-minitar – security update
Michal Marek discovered that ruby-archive-tar-minitar, a Ruby library
that provides the ability to deal with POSIX tar archive files, is prone
to a directory traversal vulnerability. An attacker can take advantage
of this flaw to overwrite arbitrary files during archive extraction via
a .. (dot dot) in an extracted filename.
Vuln: SHDesigns Resident Download Manager CVE-2016-6567 Remote Code Execution Vulnerability
Vuln: Zimbra Collaboration Suite CVE-2016-3412 Multiple Unspecified Cross-Site Scripting Vulnerabilities
Vuln: Zimbra Collaboration Suite CVE-2016-3411 Unspecified Cross-Site Scripting Vulnerability
Vuln: Zimbra Collaboration Suite CVE-2016-3410 Multiple Unspecified Cross-Site Scripting Vulnerabilities
GLSA 201701-76: HarfBuzz: Multiple vulnerabilities
GLSA 201701-77: Ansible: Remote execution of arbitrary code
DSA-3776 chromium-browser – security update
Several vulnerabilities have been discovered in the chromium web browser.
DSA-3777 libgd2 – security update
Multiple vulnerabilities have been discovered in libgd2, a library for
programmatic graphics creation and manipulation, which may result in
denial of service or potentially the execution of arbitrary code if a
malformed file is processed.