Source: ghostscript
Version: 9.21~dfsg-1
Severity: normal
Tags: security patch upstream
Hi,
the following vulnerabilities were published for ghostscript. Note,
I'm collecting those in one bug, because they are currently
unimportant for Debian as xps/ is not used during build. But it would be
nice
Source: freerdp
Severity: grave
Tags: security
Hi,
please see:
https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0341
https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0340
https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0339
Source: zookeeper
Severity: important
Tags: security
Hi.
I've noticed that in:
/etc/zookeeper/conf/environment
the following is set
JMXLOCALONLY=false
which in turn sets
com.sun.management.jmxremote.local.only=false
Is there any reason for this? It's neither the default in Java
(see e.g.
Source: ghostscript
Version: 9.06~dfsg-2
Severity: important
Tags: upstream patch security fixed-upstream
Forwarded: https://bugs.ghostscript.com/show_bug.cgi?id=698056
Hi,
the following vulnerability was published for ghostscript.
CVE-2017-9727[0]:
| The gx_ttfReader__Read function in
Source: ghostscript
Version: 9.21~dfsg-1
Severity: important
Tags: security patch upstream fixed-upstream
Forwarded: https://bugs.ghostscript.com/show_bug.cgi?id=697985
Hi,
the following vulnerability was published for ghostscript.
CVE-2017-9835[0]:
| The gs_alloc_ref_array function in
Package: policykit-1
Version: 0.105-18
Severity: grave
Tags: security
Justification: user security hole
Dear Maintainer,
If an unprivileged user is a member of group sudo, he can achieve unrestricted
root privileges with pkexec and his user password (instead of root password).
This happens
Source: ghostscript
Version: 9.06~dfsg-1
Severity: important
Tags: security patch upstream fixed-upstream
Forwarded: https://bugs.ghostscript.com/show_bug.cgi?id=698063
Hi,
the following vulnerability was published for ghostscript.
CVE-2017-9739[0]:
| The Ins_JMPR function in base/ttinterp.c in
Source: ghostscript
Version: 9.06~dfsg-2
Severity: important
Tags: patch security upstream fixed-upstream
Forwarded: https://bugs.ghostscript.com/show_bug.cgi?id=698026
Hi,
the following vulnerability was published for ghostscript.
CVE-2017-9612[0]:
| The Ins_IP function in base/ttinterp.c in
Source: ghostscript
Version: 9.06~dfsg-2
Severity: important
Tags: security upstream patch fixed-upstream
Forwarded: https://bugs.ghostscript.com/show_bug.cgi?id=698024
Hi,
the following vulnerability was published for ghostscript.
CVE-2017-9611[0]:
| The Ins_MIRP function in base/ttinterp.c in
Source: ghostscript
Version: 9.06~dfsg-2
Severity: important
Tags: upstream security patch fixed-upstream
Forwarded: https://bugs.ghostscript.com/show_bug.cgi?id=698055
Hi,
the following vulnerability was published for ghostscript.
CVE-2017-9726[0]:
| The Ins_MDRP function in base/ttinterp.c in
Source: libjpeg-turbo
Version: 1:1.3.1-12
Severity: important
Tags: upstream security
Hi,
the following vulnerability was published for libjpeg-turbo.
CVE-2017-9614[0]:
| The fill_input_buffer function in jdatasrc.c in libjpeg-turbo 1.5.1
| allows remote attackers to cause a denial of service
11 matches