Quan Nguyen discovered that a missing boundary check in the
Galois/Counter mode implementation of Bouncy Castle (a Java
implementation of cryptographic algorithms) may result in information
disclosure.
Category Archives: Debian
Debian Security Advisories
DSA-3828 dovecot – security update
It was discovered that the Dovecot email server is vulnerable to a
denial of service attack. When the dict
passdb and userdb are used
for user authentication, the username sent by the IMAP/POP3 client is
sent through var_expand() to perform %variable expansion. Sending
specially crafted %variable fields could result in excessive memory
usage causing the process to crash (and restart).
DSA-3827 jasper – security update
Multiple vulnerabilities have been discovered in the JasPer library for
processing JPEG-2000 images, which may result in denial of service or
the execution of arbitrary code if a malformed image is processed.
DSA-3826 tryton-server – security update
It was discovered that the original patch to address CVE-2016-1242 did
not cover all cases, which may result in information disclosure of file
contents.
DSA-3825 jhead – security update
It was discovered that jhead, a tool to manipulate the non-image part of
EXIF compliant JPEG files, is prone to an out-of-bounds access
vulnerability, which may result in denial of service or, potentially,
the execution of arbitrary code if an image with specially crafted EXIF
data is processed.
DSA-3824 firebird2.5 – security update
George Noseevich discovered that firebird2.5, a relational database
system, did not properly check User-Defined Functions (UDF), thus
allowing remote authenticated users to execute arbitrary code on the
firebird server.
DSA-3823 eject – security update
Ilja Van Sprundel discovered that the dmcrypt-get-device helper used to
check if a given device is an encrypted device handled by devmapper, and
used in eject, does not check return values from setuid() and setgid()
when dropping privileges.
DSA-3820 gst-plugins-good1.0 – security update
Hanno Boeck discovered multiple vulnerabilities in the GStreamer media
framework and its codecs and demuxers, which may result in denial of
service or the execution of arbitrary code if a malformed media file is
opened.
DSA-3821 gst-plugins-ugly1.0 – security update
Hanno Boeck discovered multiple vulnerabilities in the GStreamer media
framework and its codecs and demuxers, which may result in denial of
service or the execution of arbitrary code if a malformed media file is
opened.
DSA-3818 gst-plugins-bad1.0 – security update
Hanno Boeck discovered multiple vulnerabilities in the GStreamer media
framework and its codecs and demuxers, which may result in denial of
service or the execution of arbitrary code if a malformed media file is
opened.