
Files

Gentoo Linux Security Advisory 201401-18
Posted Jan 21, 2014
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201401-18 - Multiple stack-based buffer overflows have been found in OpenSC, allowing attackers to execute arbitrary code. Versions less than 0.11.13-r2 are affected.

tags | advisory, overflow, arbitrary
systems | linux, gentoo
advisories | CVE-2010-4523
SHA-256 | f7754ad1de3b980ff1e8b4d74435828455a2e2c1d07ad228b46d148aa2740c15
Ubuntu Security Notice USN-2084-1
Posted Jan 21, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2084-1 - It was discovered that the uscan tool incorrectly repacked archive files. If a user or automated system were tricked into processing specially crafted files, a remote attacker could possibly execute arbitrary code.

tags | advisory, remote, arbitrary
systems | linux, ubuntu
advisories | CVE-2013-6888
SHA-256 | e92ab9f2fc27450cbdfc097304af025ca1ef510e02d2e35503392f21c8a3522a
Ubuntu Security Notice USN-2085-1
Posted Jan 21, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2085-1 - It was discovered that the HPLIP Polkit daemon incorrectly handled temporary files. A local attacker could possibly use this issue to overwrite arbitrary files. In the default installation of Ubuntu 12.04 LTS and higher, this should be prevented by the Yama link restrictions. It was discovered that HPLIP contained an upgrade tool that would download code in an unsafe fashion. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could be exploited to execute arbitrary code. Various other issues were also addressed.

tags | advisory, remote, arbitrary, local
systems | linux, ubuntu
advisories | CVE-2013-6402, CVE-2013-6427
SHA-256 | 82c9a363a9042992362ccff7d326ebeec0884d0c91fb82f0fb606370bad9f552
Gentoo Linux Security Advisory 201401-17
Posted Jan 21, 2014
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201401-17 - A vulnerability in PCSC-Lite could result in execution of arbitrary code or Denial of Service. Versions less than 1.6.6 are affected.

tags | advisory, denial of service, arbitrary
systems | linux, gentoo
advisories | CVE-2010-4531
SHA-256 | d9ebd17c9ea06a31a3f650f7cbeb686c6eca5ea673dc3832bc97cdb7e38dc582
Gentoo Linux Security Advisory 201401-16
Posted Jan 21, 2014
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201401-16 - A vulnerability in CCID could result in execution of arbitrary code. Versions less than 1.4.1-r1 are affected.

tags | advisory, arbitrary
systems | linux, gentoo
advisories | CVE-2010-4530
SHA-256 | 4f0fa5f1896195a50a99d07e9cae6879be76eabf823c0761b9296527c318d03b
Debian Security Advisory 2847-1
Posted Jan 21, 2014
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2847-1 - Multiple vulnerabilities have been discovered in Drupal, a fully-featured content management framework.

tags | advisory, vulnerability
systems | linux, debian
advisories | CVE-2014-1475, CVE-2014-1476
SHA-256 | aa18c02a1e2bc92bf8e6cbaf332041d96c7fbb2e5309c8aaa2138487acb989b7
Gentoo Linux Security Advisory 201401-11
Posted Jan 20, 2014
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201401-11 - Multiple vulnerabilities have been found in Perl and Locale::Maketext Perl module, the worst of which could allow a context-dependent attacker to execute arbitrary code. Versions less than 5.16.3 are affected.

tags | advisory, arbitrary, perl, vulnerability
systems | linux, gentoo
advisories | CVE-2011-2728, CVE-2011-2939, CVE-2012-5195, CVE-2013-1667
SHA-256 | 92d8d5759a27b001185c6521fec4e8b39a433512603eecfa0564f8a319809a00
Gentoo Linux Security Advisory 201401-10
Posted Jan 20, 2014
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201401-10 - Multiple vulnerabilities have been found in libexif and exif, some of which may allow execution of arbitrary code. Versions less than 0.6.21 are affected.

tags | advisory, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2012-2812, CVE-2012-2813, CVE-2012-2814, CVE-2012-2836, CVE-2012-2837, CVE-2012-2840, CVE-2012-2841, CVE-2012-2845
SHA-256 | 8e049747b64ce62958b8188f01ce787852d0b8fe60a51cc5691962b2625a6ff0
Gentoo Linux Security Advisory 201401-09
Posted Jan 20, 2014
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201401-09 - A vulnerability in Openswan could result in execution of arbitrary code or Denial of Service. Versions less than 2.6.39 are affected.

tags | advisory, denial of service, arbitrary
systems | linux, gentoo
advisories | CVE-2013-2053
SHA-256 | d4e96cbeeefc87ca2407e521e745e88d0d04544a5e816c3a7aa0cb2c4f406904
Red Hat Security Advisory 2014-0045-01
Posted Jan 20, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0045-01 - Red Hat JBoss Web Framework Kit combines popular open source web frameworks into a single solution for Java applications. The JBoss Seam Remoting component provides a convenient method of remotely accessing Seam components from a web page, using AJAX. It was found that the ExecutionHandler, PollHandler, and SubscriptionHandler classes in JBoss Seam Remoting unmarshalled user-supplied XML and resolved external entities in this XML. A remote attacker could use this flaw to read files accessible to the user running the application server, and potentially perform other more advanced XML External Entity attacks.

tags | advisory, java, remote, web, xxe
systems | linux, redhat
advisories | CVE-2013-6447, CVE-2013-6448
SHA-256 | 5182752535401efe3bedbcfe692f9abf8cfcd81266bb6f49bb17b538b10c8704
Red Hat Security Advisory 2014-0044-01
Posted Jan 20, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0044-01 - Augeas is a utility for editing configuration. Augeas parses configuration files in their native formats and transforms them into a tree. Configuration changes are made by manipulating this tree and saving it back into native configuration files. Augeas also uses "lenses" as basic building blocks for establishing the mapping from files into the Augeas tree and back. A flaw was found in the way Augeas handled certain umask settings when creating new configuration files. This flaw could result in configuration files being created as world writable, allowing unprivileged local users to modify their content.

tags | advisory, local
systems | linux, redhat
advisories | CVE-2013-6412
SHA-256 | bcc04e71dd127335ad1d05c553fa9c6e4d71e2879bd3aaf659b42e8e40dbf8a0
Red Hat Security Advisory 2014-0043-01
Posted Jan 20, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0043-01 - The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server; a resolver library; and tools for verifying that the DNS server is operating correctly. A denial of service flaw was found in the way BIND handled queries for NSEC3-signed zones. A remote attacker could use this flaw against an authoritative name server that served NSEC3-signed zones by sending a specially crafted query, which, when processed, would cause named to crash.

tags | advisory, remote, denial of service, protocol
systems | linux, redhat
advisories | CVE-2014-0591
SHA-256 | 234078fe16c6ddf238e34a309eb50b41a8acaa76c37365c6d163ec0c9934835e
Mandriva Linux Security Advisory 2014-012
Posted Jan 20, 2014
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2014-012 - The ssl_Do1stHandshake function in sslsecur.c in libssl in Mozilla Network Security Services before 3.15.4, when the TLS False Start feature is enabled, allows man-in-the-middle attackers to spoof SSL servers by using an arbitrary X.509 certificate during certain handshake traffic. The updated packages have been upgraded to the 3.15.4 version which is not vulnerable to this issue.

tags | advisory, arbitrary, spoof
systems | linux, mandriva
advisories | CVE-2013-1740
SHA-256 | b89f1b4a4e243ae1667aaeb1c78d43bed14afd1547721ce92ea804fd904255b6
Mandriva Linux Security Advisory 2014-011
Posted Jan 20, 2014
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2014-011 - Multiple vulnerabilities have been discovered and corrected in java-1.7.0-openjdk. An input validation flaw was discovered in the font layout engine in the 2D component. A specially crafted font file could trigger Java Virtual Machine memory corruption when processed. An untrusted Java application or applet could possibly use this flaw to bypass Java sandbox restrictions. Multiple improper permission check issues were discovered in the CORBA, JNDI, and Libraries components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions. Multiple improper permission check issues were discovered in the Serviceability, Security, CORBA, JAAS, JAXP, and Networking components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions. It was discovered that the Beans component did not restrict processing of XML external entities. This flaw could cause a Java application using Beans to leak sensitive information, or affect application availability. It was discovered that the JSSE component could leak timing information during the TLS/SSL handshake. This could possibly lead to disclosure of information about the used encryption keys. The updated packages provide a solution for these security issues.

tags | advisory, java, vulnerability, xxe
systems | linux, mandriva
advisories | CVE-2013-5878, CVE-2013-5884, CVE-2013-5893, CVE-2013-5896, CVE-2013-5907, CVE-2013-5910, CVE-2014-0368, CVE-2014-0373, CVE-2014-0376, CVE-2014-0411, CVE-2014-0416, CVE-2014-0422, CVE-2014-0423, CVE-2014-0428
SHA-256 | b0d7eb9b9f33d4066272ecfbbec9f2e56cb4eb2af0a63f451f9dbfe4e7a36e50
Gentoo Linux Security Advisory 201401-14
Posted Jan 20, 2014
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201401-14 - Multiple vulnerabilities have been found in cURL, allowing attackers to execute arbitrary code or cause Denial of Service. Versions less than 7.34.0-r1 are affected.

tags | advisory, denial of service, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2013-0249, CVE-2013-1944, CVE-2013-2174, CVE-2013-6422
SHA-256 | db468e099ee0183090e4d1c7e60955a697fc5a4848c7ebb9fdb2c66ab4bb731a
Gentoo Linux Security Advisory 201401-13
Posted Jan 20, 2014
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201401-13 - Multiple vulnerabilities have been found in VirtualBox, allowing local attackers to escalate their privileges or cause a Denial of Service condition. Versions less than 4.2.22 are affected.

tags | advisory, denial of service, local, vulnerability
systems | linux, gentoo
advisories | CVE-2012-3221, CVE-2013-5892, CVE-2014-0404, CVE-2014-0405, CVE-2014-0406, CVE-2014-0407
SHA-256 | 6d2ece62ea5369425ee50f1c0be7833961be531fb3bbd68835b9e7eece595cd3
Gentoo Linux Security Advisory 201401-12
Posted Jan 20, 2014
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201401-12 - Multiple vulnerabilities have been found in GNUstep Base library, the worst of which allow execution of arbitrary code. Versions less than 1.20.1 are affected.

tags | advisory, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2010-1457, CVE-2010-1620
SHA-256 | 4b51e771e759f04f2f89772e3d70ac0566ae216c477a4fdcf124150996355f97
Debian Security Advisory 2846-1
Posted Jan 18, 2014
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2846-1 - Multiple security issues have been found in Libvirt, a virtualisation abstraction library.

tags | advisory
systems | linux, debian
advisories | CVE-2013-6458, CVE-2014-1447
SHA-256 | 0ddde79a2602627d9c15a988b3565cbf0c6bd7e43a46674de20629e6a8688b35
Mandriva Linux Security Advisory 2014-009
Posted Jan 18, 2014
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2014-009 - librsvg before version 2.39.0 allows remote attackers to read arbitrary files via an XML document containing an external entity declaration in conjunction with an entity reference. For Business Server 1, gtk+3.0 has been patched to cope with the changes in SVG loading due to the fix in librsvg.

tags | advisory, remote, arbitrary
systems | linux, mandriva
advisories | CVE-2013-1881
SHA-256 | a8a5daad2c6d3d3246c089eaf7364d8a45fe880d93a700d893540b19bc9de1d3
VMware Security Advisory 2014-0001
Posted Jan 18, 2014
Authored by VMware | Site vmware.com

VMware Security Advisory 2014-0001 - VMware Workstation, Player, Fusion, ESXi, ESX and vCloud Director address several security issues.

tags | advisory
advisories | CVE-2014-1207, CVE-2014-1208, CVE-2014-1211
SHA-256 | 07287453a07e0d7df1d3cfcd28f6b0d4fc00d45337028a08b941cd95f2a7eaa4
Mandriva Linux Security Advisory 2014-008
Posted Jan 18, 2014
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2014-008 - Multiple heap-based buffer overflow flaws were found in OpenJPEG. An attacker could create a specially crafted OpenJPEG image that, when opened, could cause an application using openjpeg to crash or, possibly, execute arbitrary code with the privileges of the user running the application. Multiple denial of service flaws were found in OpenJPEG. An attacker could create a specially crafted OpenJPEG image that, when opened, could cause an application using openjpeg to crash.

tags | advisory, denial of service, overflow, arbitrary
systems | linux, mandriva
advisories | CVE-2013-1447, CVE-2013-6045, CVE-2013-6052, CVE-2013-6053, CVE-2013-6887
SHA-256 | 7af8d53e84c8e17c80d5e3dc5083a41de47605307f780c632c8ff10a35fed7b1
Mandriva Linux Security Advisory 2014-007
Posted Jan 18, 2014
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2014-007 - The DTLS retransmission implementation in OpenSSL through 0.9.8y and 1.x through 1.0.1e does not properly maintain data structures for digest and encryption contexts, which might allow man-in-the-middle attackers to trigger the use of a different context by interfering with packet delivery, related to ssl/d1_both.c and ssl/t1_enc.c. The updated packages have been patched to correct this issue.

tags | advisory
systems | linux, mandriva
advisories | CVE-2013-6450
SHA-256 | 7a7edc673b8aa4809fa4882410bf5431e74327edd08dae83d3353c992b6391ba
Debian Security Advisory 2831-2
Posted Jan 17, 2014
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2831-2 - The fix for puppet that addressed CVE-2013-4969 contained a regression affecting the default file mode if none is specified on a file resource.

tags | advisory
systems | linux, debian
advisories | CVE-2013-4969
SHA-256 | d9fa7fd252945f25239673a14edad62d6c60150628dad98e39a4e130ac6e6503
Gentoo Linux Security Advisory 201401-08
Posted Jan 17, 2014
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201401-08 - NTP can be abused to amplify Denial of Service attack traffic. Versions less than 4.2.6_p5-r10 are affected.

tags | advisory, denial of service
systems | linux, gentoo
advisories | CVE-2013-5211
SHA-256 | bfee5ca74ecd0b48ef960b4e3d4b82173adcb82f55bd50bb8d7864079c00c3eb
HP Security Bulletin HPSBUX02961 SSRT101420
Posted Jan 17, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBUX02961 SSRT101420 - A potential security vulnerability has been identified with HP-UX running BIND. This vulnerability could be exploited remotely to create a Denial of Service (DoS). Revision 1 of this advisory.

tags | advisory, denial of service
systems | hpux
advisories | CVE-2014-0591
SHA-256 | 5ea964ac8c43cc470c7a273d7cc57ed3149345526175846ee55dbca653979c6e

© 2022 Packet Storm. All rights reserved.
