DSA-4110 exim4 – security update
Meh Chang discovered a buffer overflow flaw in a utility function used in the SMTP listener of Exim, a mail transport agent. A remote attacker can take advantage of this flaw to cause a denial of service, or potentially the execution of arbitrary code via a specially crafted message.
More info:
https://www.debian.org/security/2018/dsa-4110
DSA-4109 ruby-omniauth – security update
Lalith Rallabhandi discovered that OmniAuth, a Ruby library for implementing multi-provider authentication in web applications, mishandled and leaked sensitive information. An attacker with access to the callback environment, such as in the case of a crafted web application, can request authentication services from this module and access the CSRF token.
More info:
https://www.debian.org/security/2018/dsa-4109