Several vulnerabilities were discovered in libevent, an asynchronous
event notification library. They would lead to denial of service via
application crash, or remote code execution.
Category Archives: Debian
Debian Security Advisories
DSA-3787 tomcat7 – security update
It was discovered that a programming error in the processing of HTTPS
requests in the Apache Tomcat servlet and JSP engine may result in
denial of service via an infinite loop.
DSA-3786 vim – security update
Editor spell files passed to the vim (Vi IMproved) editor
may result in an integer overflow in memory allocation
and a resulting buffer overflow which potentially
could result in the execution of arbitrary code or denial of
service.
DSA-3788 tomcat8 – security update
It was discovered that a programming error in the processing of HTTPS
requests in the Apache Tomcat servlet and JSP engine may result in
denial of service via an infinite loop.
DSA-3784 viewvc – security update
Thomas Gerbet discovered that viewvc, a web interface for CVS and
Subversion repositories, did not properly sanitize user input. This
problem resulted in a potential Cross-Site Scripting vulnerability.
DSA-3785 jasper – security update
Multiple vulnerabilities have been discovered in the JasPer library
for processing JPEG-2000 images, which may result in denial of service
or the execution of arbitrary code if a malformed image is processed.
DSA-3782 openjdk-7 – security update
Several vulnerabilities have been discovered in OpenJDK, an
implementation of the Oracle Java platform, resulting in the bypass of
Java sandbox restrictions, denial of service, arbitrary code execution,
incorrect parsing of URLs/LDAP DNs or cryptographic timing side channel
attacks.
DSA-3783 php5 – security update
Several issues have been discovered in PHP, a widely-used open source
general-purpose scripting language.
DSA-3781 svgsalamander – security update
Luc Lynx discovered that SVG Salamander, an SVG engine for Java, was
susceptible to server-side request forgery.
DSA-3779 wordpress – security update
Several vulnerabilities were discovered in wordpress, a web blogging
tool. They would allow remote attackers to hijack victims’
credentials, access sensitive information, execute arbitrary commands,
bypass read and post restrictions, or mount denial-of-service attacks.