Mandriva Linux Security Advisory 2013-292 - Mikulas Patocka discovered an integer overflow in the parsing of HTML tables in the Links web browser. This can only be exploited when running Links in graphical mode.
53ecfaa26cc528aa74b8d4d52619c864a4263b41ba8d2f04813cc75c9f74c416Mandriva Linux Security Advisory 2013-291 - Multiple vulnerabilities has been found and corrected in the Linux kernel. The Linux kernel before 3.12.2 does not properly use the get_dumpable function, which allows local users to bypass intended ptrace restrictions or obtain sensitive information from IA64 scratch registers via a crafted application, related to kernel/ptrace.c and arch/ia64/include/asm/processor.h. The perf_trace_event_perm function in kernel/trace/trace_event_perf.c in the Linux kernel before 3.12.2 does not properly restrict access to the perf subsystem, which allows local users to enable function tracing via a crafted application. Multiple integer overflows in Alchemy LCD frame-buffer drivers in the Linux kernel before 3.12 allow local users to create a read-write memory mapping for the entirety of kernel memory, and consequently gain privileges, via crafted mmap operations, related to the au1100fb_fb_mmap function in drivers/video/au1100fb.c and the au1200fb_fb_mmap function in drivers/video/au1200fb.c. Various other issues have also been addressed.
e4a9556722b4bee5720cc309bc992b81c4ac568a9f675f7f404694d9b54048e1Mandriva Linux Security Advisory 2013-289 - Possible security bypass on admin page under certain circumstances and MariaDB. The owncloud package has been updated to version 5.0.13, fixing this and many other issues.
2be9f28fc7baf97fcf0451a03c839ede1e68d3aff1131963db3c1c04ac9ef0e3Mandriva Linux Security Advisory 2013-290 - Kevin Israel identified and reported two vectors for injecting Javascript in CSS that bypassed MediaWiki's blacklist. Internal review while debugging a site issue discovered that MediaWiki and the CentralNotice extension were incorrectly setting cache headers when a user was autocreated, causing the user's session cookies to be cached, and returned to other users.
a043d15db222d711988b06beb8a88a68fdc48afb69eb8a49a4920d9ea05e5bc0Mandriva Linux Security Advisory 2013-291 - Multiple vulnerabilities has been found and corrected in the Linux kernel. The Linux kernel before 3.12.2 does not properly use the get_dumpable function, which allows local users to bypass intended ptrace restrictions or obtain sensitive information from IA64 scratch registers via a crafted application, related to kernel/ptrace.c and arch/ia64/include/asm/processor.h. The perf_trace_event_perm function in kernel/trace/trace_event_perf.c in the Linux kernel before 3.12.2 does not properly restrict access to the perf subsystem, which allows local users to enable function tracing via a crafted application. Various other issues have also been addressed.
e4a9556722b4bee5720cc309bc992b81c4ac568a9f675f7f404694d9b54048e1Ubuntu Security Notice 2058-1 - Marc Deslauriers discovered that libcurl incorrectly verified CN and SAN name fields when digital signature verification was disabled in the GnuTLS backend. When libcurl is being used in this uncommon way by specific applications, an attacker could exploit this to perform a man in the middle attack to view sensitive information or alter encrypted communications.
60e1a170797d874eef066f39fc83ca164b33b2336bbec6186892e9f7263a5944Mandriva Linux Security Advisory 2013-292 - Mikulas Patocka discovered an integer overflow in the parsing of HTML tables in the Links web browser. This can only be exploited when running Links in graphical mode.
53ecfaa26cc528aa74b8d4d52619c864a4263b41ba8d2f04813cc75c9f74c416Gentoo Linux Security Advisory 201312-14 - An integer overflow in libsndfile might allow remote attackers to execute arbitrary code or cause a Denial of Service condition. Versions less than 1.0.25 are affected.
f7c23a9b011fc58c901e07dea8431f7de7ded4020406ceec1e4b3c9d4c647493Apple Security Advisory 2013-12-16-2 - OS X Mavericks v10.9.1 is now available and includes the content of Safari 7.0.1, addressing multiple security issues.
e933c076a84f4b522646ec6c1591fb525d0a49d27e6fcd2b7235452666660f3bApple Security Advisory 2013-12-16-1 - Safari 6.1.1 and Safari 7.0.1 are now available and address credential disclosure and code execution vulnerabilities.
7ab3d1c697dc9369b9d42f8726a8bd7c90a0b03b1ec0e1784851af8f406ce3f8Slackware Security Advisory - New mozilla-firefox packages are available for Slackware 14.1 and -current to fix security issues.
3c8cc2b5a7eb3b24d1494c99ff37f6e9ac6f7c5207a1e8d7b4e61919ba875881Ubuntu Security Notice 2057-1 - It was discovered that QXmlSimpleReader in Qt incorrectly handled XML entity expansion. An attacker could use this flaw to cause Qt applications to consume large amounts of resources, resulting in a denial of service.
3023731e05cb170f3c2ec2c9455de1dc37e2de053b30274317d9787b8a01e016Red Hat Security Advisory 2013-1853-01 - Red Hat JBoss Operations Network is a middleware management solution that provides a single point of control to deploy, manage, and monitor JBoss Enterprise Middleware, applications, and services. This JBoss Operations Network 3.2.0 release serves as a replacement for JBoss Operations Network 3.1.2, and includes several bug fixes.
dbd543071b01d4b700875aa71439e1cdfedf225ca4e629df2fd1c6fbeee18f9dRed Hat Security Advisory 2013-1852-01 - Red Hat Enterprise MRG is a next-generation IT infrastructure for enterprise computing. MRG offers increased performance, reliability, interoperability, and faster computing for enterprise customers. MRG Grid provides high-throughput computing and enables enterprises to achieve higher peak computing capacity as well as improved infrastructure utilization by leveraging their existing technology to build high performance grids. MRG Grid provides a job-queueing mechanism, scheduling policy, and a priority scheme, as well as resource monitoring and resource management. Users submit their jobs to MRG Grid, where they are placed into a queue. MRG Grid then chooses when and where to run the jobs based upon a policy, carefully monitors their progress, and ultimately informs the user upon completion.
408e9dced4a78063d46a3c5ad841cd1da280aba9d71105691fed772205ec9fe9Red Hat Security Advisory 2013-1850-01 - OpenJPEG is an open source library for reading and writing image files in JPEG 2000 format. Multiple heap-based buffer overflow flaws were found in OpenJPEG. An attacker could create a specially crafted OpenJPEG image that, when opened, could cause an application using openjpeg to crash or, possibly, execute arbitrary code with the privileges of the user running the application. Multiple denial of service flaws were found in OpenJPEG. An attacker could create a specially crafted OpenJPEG image that, when opened, could cause an application using openjpeg to crash
512aeb66961c16223628ab66d15593f1a5a271ed409cbf61778f83fb297cd372Red Hat Security Advisory 2013-1851-01 - Red Hat Enterprise MRG is a next-generation IT infrastructure for enterprise computing. MRG offers increased performance, reliability, interoperability, and faster computing for enterprise customers. MRG Grid provides high-throughput computing and enables enterprises to achieve higher peak computing capacity as well as improved infrastructure utilization by leveraging their existing technology to build high performance grids. MRG Grid provides a job-queueing mechanism, scheduling policy, and a priority scheme, as well as resource monitoring and resource management. Users submit their jobs to MRG Grid, where they are placed into a queue. MRG Grid then chooses when and where to run the jobs based upon a policy, carefully monitors their progress, and ultimately informs the user upon completion.
2052be0f7c8339b1c51ce9226e2c8cb26ff56c810deb0045d626a93fea5dbe68Mandriva Linux Security Advisory 2013-287 - Drupal core's Image module allows for the on-demand generation of image derivatives. This capability can be abused by requesting a large number of new derivatives which can fill up the server disk space, and which can cause a very high CPU load. Either of these effects may lead to the site becoming unavailable or unresponsive. Drupal's form API has built-in cross-site request forgery validation, and also allows any module to perform its own validation on the form. In certain common cases, form validation functions may execute unsafe operations. Drupal core directly used the mt_rand() pseudorandom number generator for generating security related strings used in several core modules. It was found that brute force tools could determine the seeds making these strings predictable under certain circumstances. Image field descriptions are not properly sanitized before they are printed to HTML, thereby exposing a cross-site scripting vulnerability. A cross-site scripting vulnerability was found in the Color module. A malicious attacker could trick an authenticated administrative user into visiting a page containing specific JavaScript that could lead to a reflected cross-site scripting attack via JavaScript execution in CSS. The Overlay module displays administrative pages as a layer over the current page , rather than replacing the page in the browser window. The Overlay module did not sufficiently validate URLs prior to displaying their contents, leading to an open redirect vulnerability. The updated packages has been upgraded to the 7.24 version which is unaffected by these security flaws. Additional apache ACL restrictions has been added to fully conform to the SA-CORE-2013-003 advisory.
fed306c15c990831cfcb57bfa68e96fad895d550493f9d8e5b93559533ece6beMandriva Linux Security Advisory 2013-288 - mod_dontdothat allows you to block update REPORT requests against certain paths in the repository. It expects the paths in the REPORT request to be absolute URLs. Serf based clients send relative URLs instead of absolute URLs in many cases. As a result these clients are not blocked as configured by mod_dontdothat. When SVNAutoversioning is enabled via SVNAutoversioning on, commits can be made by single HTTP requests such as MKCOL and PUT. If Subversion is built with assertions enabled any such requests that have non-canonical URLs, such as URLs with a trailing /, may trigger an assert. An assert will cause the Apache process to abort.
2b284bf5957b911f55f105df884a9ca0150a711e87f044206c4afb31ef1b6e5eSlackware Security Advisory - New seamonkey packages are available for Slackware 14.0, 14.1, and -current to fix security issues.
5269c145b787ba0b2cab78ef991f46f5cde902a7ef9f94de118429b5cef0dfc5Slackware Security Advisory - New ruby packages are available for Slackware 13.1, 13.37, 14.0, 14.1, and -current to fix a security issue.
82b80a4b39cbc2f9e4d1fd69516d4b4b5c6cce2e9d57571c0b45c8df583cd24aSlackware Security Advisory - New libjpeg packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, and -current to fix a security issue.
3e973178e555d20266eeb8d1dbcd714d627496aac57d36741091e9b882a4b23cSlackware Security Advisory - New llvm packages are available for Slackware 14.0, 14.1, and -current to fix a security issue.
e40b7a87e8779bf5789ddc70f07b9c5419c548417c0e9525ce6a5602946a05ceSlackware Security Advisory - New mozilla-thunderbird packages are available for Slackware 14.1 and -current to fix security issues.
338a04e049a16be8021d619d106755fe981ea4d1c82a61d93f4208f3d6decc5fSlackware Security Advisory - New libiodbc packages are available for Slackware 13.1, 13.37, 14.0, 14.1, and -current to fix a security issue.
1cb16d0d8f5f65e0412c35d5ec5d3f567bee88da0a60a8988c71d7d05a0b95f4Debian Linux Security Advisory 2820-1 - It was discovered that NSPR, Netscape Portable Runtime library, could crash an application using the library when parsing a certificate that causes an integer overflow. This flaw only affects 64-bit systems.
52579bb6c1260754549b627f26a19aca1783ce6249a99e6f328515fe8c576c88
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed