Mike Daskalakis reported a denial of service vulnerability in charon,
the IKEv2 daemon for strongSwan, an IKE/IPsec suite used to establish
IPsec protected links.
Debian Security Advisories
DSA-3117 php5 – security update
Several vulnerabilities were found in PHP, a general-purpose scripting
language commonly used for web application development.
DSA-3116 polarssl – security update
It was discovered that a memory leak in parsing X.509 certificates may
result in denial of service.
DSA-3115 pyyaml – security update
Jonathan Gray and Stanislaw Pitucha found an assertion failure in the
way wrapped strings are parsed in Python-YAML, a YAML parser and emitter
for Python. An attacker able to load specially crafted YAML input into an
application using python-yaml could cause the application to crash.
DSA-3114 mime-support – security update
Timothy D. Morgan discovered that run-mailcap, a utility to execute
programs via entries in the mailcap file, is prone to shell command
injection via shell meta-characters in filenames. In specific scenarios
this flaw could allow an attacker to remotely execute arbitrary code.
DSA-3113 unzip – security update
Michele Spagnuolo of the Google Security Team discovered that unzip, an
extraction utility for archives compressed in .zip format, is affected
by heap-based buffer overflows within the CRC32 verification function
(CVE-2014-8139), the test_compr_eb() function (CVE-2014-8140) and the
getZip64Data() function (CVE-2014-8141), which may lead to the execution
of arbitrary code.
DSA-3112 sox – security update
Michele Spagnuolo of the Google Security Team discovered two heap-based
buffer overflows in SoX, the Swiss Army knife of sound processing
programs. A specially crafted wav file could cause an application using
SoX to crash or, possibly, execute arbitrary code.
DSA-3110 mediawiki – security update
A flaw was discovered in mediawiki, a wiki engine: thumb.php outputs
wikitext messages as raw HTML, potentially leading to cross-site
scripting (XSS).
DSA-3111 cpio – security update
Michal Zalewski discovered an out-of-bounds write issue in cpio, a tool
for creating and extracting cpio archive files. In the process of
fixing that issue, the cpio developers found and fixed additional
range checking and null pointer dereference issues.
DSA-3109 firebird2.5 – security update
Dmitry Kovalenko discovered that the Firebird database server is prone
to a denial of service vulnerability. An unauthenticated remote attacker
could send a malformed network packet to a firebird server, which would
cause the server to crash.