Secunia Security Advisory - A vulnerability has been reported in NetBSD, which can be exploited by malicious, local users to gain escalated privileges.

Secunia Security Advisory - NetBSD has issued an update for BIND. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service).

Secunia Security Advisory - NetBSD has issued an update for openssl. This fixes a vulnerability, which can be exploited by malicious people to potentially compromise an application using the library.

Secunia Security Advisory - NetBSD has issued an update for openssl. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service) of the application using the library.

Secunia Security Advisory - A vulnerability has been reported in NetBSD, which can be exploited by malicious, local users to gain escalated privileges.

Secunia Security Advisory - NetBSD has issued an update for bind. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service).

Mandriva Linux Security Advisory 2013-271 - The make include files in NetBSD before 1.6.2, as used in pmake 1.111 and earlier, allow local users to overwrite arbitrary files via a symlink attack on a /tmp/_depend##### temporary file, related to bsd.lib.mk and bsd.prog.mk.

Debian Linux Security Advisory 4606-1 - Several vulnerabilities have been discovered in the chromium web browser.

Debian Linux Security Advisory 4608-1 - Multiple integer overflows have been discovered in the libtiff library and the included tools.

Debian Linux Security Advisory 4609-1 - Two security issues were found in the Python interface to the apt package manager; package downloads from unsigned repositories were incorrectly rejected and the hash validation relied on MD5.

Debian Linux Security Advisory 4611-1 - Qualys discovered that the OpenSMTPD SMTP server performed insufficient validation of email addresses which could result in the execution of arbitrary commands as root. In addition this update fixes a denial of service by triggering an opportunistic TLS downgrade.

Debian Linux Security Advisory 4610-1 - Multiple code execution vulnerabilities have been addressed in the webkit2gtk web engine.

Debian Linux Security Advisory 4612-1 - It was discovered that the LDAP authentication modules for the Prosody Jabber/XMPP server incorrectly validated the XMPP address when checking whether a user has admin access.

Debian Linux Security Advisory 4613-1 - A heap-based buffer overflow vulnerability was discovered in the idn2_to_ascii_4i() function in libidn2, the GNU library for Internationalized Domain Names (IDNs), which could result in denial of service, or the execution of arbitrary code when processing a long domain string.

Debian Linux Security Advisory 4614-1 - Joe Vennix discovered a stack-based buffer overflow vulnerability in sudo, a program designed to provide limited super user privileges to specific users, triggerable when configured with the "pwfeedback" option enabled. An unprivileged user can take advantage of this flaw to obtain full root privileges.

Debian Linux Security Advisory 4615-1 - Two vulnerabilities were discovered in spamassassin, a Perl-based spam filter using text analysis. Malicious rule or configuration files, possibly downloaded from an updates server, could execute arbitrary commands under multiple scenarios.

Debian Linux Security Advisory 4616-1 - Two security issues have been found in the SLiRP networking implementation of QEMU, a fast processor emulator, which could result in the execution of arbitrary code or denial of service.

Debian Linux Security Advisory 4617-1 - Two security issues were found in the Qt library, which could result in plugins and libraries being loaded from the current working directory, resulting in potential code execution.

Debian Linux Security Advisory 4619-1 - Guillaume Teissier reported that the XMLRPC client in libxmlrpc3-java, an XML-RPC implementation in Java, does perform deserialization of the server-side exception serialized in the faultCause attribute of XMLRPC error response messages. A malicious XMLRPC server can take advantage of this flaw to execute arbitrary code with the privileges of an application using the Apache XMLRPC client library.

Debian Linux Security Advisory 4618-1 - An out-of-bounds write vulnerability due to an integer overflow was reported in libexif, a library to parse EXIF files, which could result in denial of service, or potentially the execution of arbitrary code if specially crafted image files are processed.

Debian Linux Security Advisory 4622-1 - Tom Lane discovered that "ALTER ... DEPENDS ON EXTENSION" sub commands in the PostgreSQL database did not perform authorisation checks.

Debian Linux Security Advisory 4623-1 - Tom Lane discovered that "ALTER ... DEPENDS ON EXTENSION" sub commands in the PostgreSQL database did not perform authorisation checks.

Debian Linux Security Advisory 4620-1 - Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code.

Debian Linux Security Advisory 4621-1 - Several vulnerabilities have been discovered in the OpenJDK Java runtime, resulting in denial of service, incorrect implementation of Kerberos GSSAPI and TGS requests or incorrect TLS handshakes.

Debian Linux Security Advisory 4624-1 - Several vulnerabilities were discovered in evince, a simple multi-page document viewer.

Debian Linux Security Advisory 4625-1 - Multiple security issues have been found in Thunderbird, which may lead to the execution of arbitrary code or denial of service.

Debian Linux Security Advisory 4627-1 - Cross site scripting, denial of service, and various other vulnerabilities have been discovered in the webkit2gtk web engine.

Debian Linux Security Advisory 4629-1 - Simon Charette discovered that Django, a high-level Python web development framework, did not properly handle input in its PostgreSQL module. A remote attacker could leverage this to perform SQL injection attacks.

Debian Linux Security Advisory 4633-1 - Multiple vulnerabilities were discovered in cURL, an URL transfer library.

Debian Linux Security Advisory 4604-1 - Multiple issues have been found in cacti, a server monitoring system, potentially resulting in SQL code execution or information disclosure by authenticated users.

Debian Linux Security Advisory 4626-1 - Multiple security issues were found in PHP, a widely-used open source general purpose scripting language which could result in information disclosure, denial of service or incorrect validation of path names.

Debian Linux Security Advisory 4628-1 - Multiple security issues were found in PHP, a widely-used open source general purpose scripting language which could result in information disclosure, denial of service or incorrect validation of path names.

Cisco M1070 Content Security Management Appliance IronPort remote host header injection exploit.

Cisco C170 Email Security Appliance version 10.0.3-003 IronPort remote host header injection exploit.

Cisco Email Security Virtual Appliance C100V IronPort remote host header injection exploit.

Cisco C690 Email Security Appliance version 11.0.2-044 IronPort remote host header injection exploit.

Cisco Email Security Virtual Appliance C600V IronPort remote host header injection exploit.

Cisco Email Security Virtual Appliance C370 IronPort remote host header injection exploit.

Cisco Content Security Management Virtual Appliance M600V IronPort remote host header injection exploit.

Cisco Email Security Virtual Appliance C300V IronPort remote host header injection exploit.

Cisco Email Security Virtual Appliance C380 IronPort remote host header injection exploit.

Cisco Content Security Virtual Appliance M380 IronPort remote cross site host modification demo exploit.

Debian Linux Security Advisory 4535-1 - Lilith of Cisco Talos discovered a buffer overflow flaw in the quota code used by e2fsck from the ext2/ext3/ext4 file system utilities. Running e2fsck on a malformed file system can result in the execution of arbitrary code.

Debian Linux Security Advisory 4607-1 - Lukas Kupczyk reported a vulnerability in the handling of chunked HTTP in openconnect, an open client for Cisco AnyConnect, Pulse and GlobalProtect VPN. A malicious HTTP server (after having accepted its identity certificate), can provide bogus chunk lengths for chunked HTTP encoding and cause a heap-based buffer overflow.

Red Hat Security Advisory 2017-1262-01 - The rpcbind utility is a server that converts Remote Procedure Call program numbers into universal addresses. It must be running on the host to be able to make RPC calls on a server on that machine. Security Fix: It was found that due to the way rpcbind uses libtirpc, a memory leak can occur when parsing specially crafted XDR messages. An attacker sending thousands of messages to rpcbind could cause its memory usage to grow without bound, eventually causing it to be terminated by the OOM killer.

Red Hat Security Advisory 2017-1267-01 - The rpcbind utility is a server that converts Remote Procedure Call program numbers into universal addresses. It must be running on the host to be able to make RPC calls on a server on that machine. Security Fix: It was found that due to the way rpcbind uses libtirpc, a memory leak can occur when parsing specially crafted XDR messages. An attacker sending thousands of messages to rpcbind could cause its memory usage to grow without bound, eventually causing it to be terminated by the OOM killer.

Red Hat Security Advisory 2017-1268-01 - The libtirpc packages contain SunLib's implementation of transport-independent remote procedure call documentation, which includes a library required by programs in the nfs-utils and rpcbind packages. Security Fix: It was found that due to the way rpcbind uses libtirpc, a memory leak can occur when parsing specially crafted XDR messages. An attacker sending thousands of messages to rpcbind could cause its memory usage to grow without bound, eventually causing it to be terminated by the OOM killer.

Red Hat Security Advisory 2017-1395-01 - This package contains a new implementation of the original libtirpc, transport-independent RPC library for NFS-Ganesha. Security Fix: It was found that due to the way rpcbind uses libtirpc, a memory leak can occur when parsing specially crafted XDR messages. An attacker sending thousands of messages to rpcbind could cause its memory usage to grow without bound, eventually causing it to be terminated by the OOM killer.

Asterisk Project Security Advisory - A memory leak occurs when an Asterisk pjsip session object is created and that call gets rejected before the session itself is fully established. When this happens the session object never gets destroyed.

Qualys has discovered a memory leak and a buffer overflow in the dynamic loader (ld.so) of the GNU C Library (glibc).