Mandriva Linux Security Advisory 2014-249 - During migration, the values read from migration stream during ram load are not validated. Especially offset in host_from_stream_offset() and also the length of the writes in the callers of the said function. A user able to alter the savevm data (either on the disk or over the wire during migration) could use either of these flaws to corrupt QEMU process memory on the host, which could potentially result in arbitrary code execution on the host with the privileges of the QEMU process. Paolo Bonzini of Red Hat discovered that the blit region checks were insufficient in the Cirrus VGA emulator in qemu. A privileged guest user could use this flaw to write into qemu address space on the host, potentially escalating their privileges to those of the qemu host process.
adf1d3e7d2fd271696062fca8f954a2af9753513a585d7bb64bd9f7fcc5d0f55
Mandriva Linux Security Advisory 2014-248 - Format string vulnerability in the yyerror function in lib/cgraph/scan.l in Graphviz allows remote attackers to have unspecified impact via format string specifiers in unknown vector, which are not properly handled in an error string.
87aabea0b65c9aaa124ec95d557113deb52f6d9692681c574a524366affbe9f4
Mandriva Linux Security Advisory 2014-247 - Josh Duart of the Google Security Team discovered heap-based buffer overflow flaws in JasPer, which could lead to denial of service or the execution of arbitrary code.
5d23fe2eeb175480a6aff36ada4175a952b2290341274472507d97c8f7ceface
Gentoo Linux Security Advisory 201412-12 - Multiple vulnerabilities have been found in D-Bus, possibly resulting in local Denial of Service. Versions less than 1.8.10 are affected.
ace5ab63b7a75f393ac56d393383f548a8b397f417ed2529a932894237c3b60f
Mandriva Linux Security Advisory 2014-246 - Dragana Damjanovic discovered that OpenVPN incorrectly handled certain control channel packets. An authenticated attacker could use this issue to cause an OpenVPN server to crash, resulting in a denial of service. The openvpn packages has been updated to the 2.3.2 version and patched to correct this issue.
d68c5a0989fe540e597168036b2e3568179f1806f12dde0333bf499275742a10
Gentoo Linux Security Advisory 201412-29 - Multiple vulnerabilities have been found in Apache Tomcat, the worst of which may result in Denial of Service. Versions less than 7.0.56 are affected.
812d31eb8958cb4cc614f89b209201bd059c54668a58d0182c6f4a98085d268e
Gentoo Linux Security Advisory 201412-28 - Multiple vulnerabilities were found in Ruby on Rails, the worst of which allowing for execution of arbitrary code. Versions less than 2.3.18 are affected.
76dc0b7e4c9e8b791f80a766fcc8ca7f6bcd6698fbd68637fd46c0e03c25cb62
Gentoo Linux Security Advisory 201412-27 - Multiple vulnerabilities have been found in Ruby, allowing context-dependent attackers to cause a Denial of Service condition. Versions less than 2.0.0_p598 are affected.
54e66264d3d6d38c3086840b65a1d59298b94700ea2d898a1673e706acdba6e8
Gentoo Linux Security Advisory 201412-26 - Two vulnerabilities have been found in strongSwan, possibly resulting in Denial of Service or a bypass in authentication restrictions. Versions less than 5.1.3 are affected.
cf8ea4abe1849887380c2cbfae888ca2592c5ba5fc2cf8d872e3abbee8919829
Gentoo Linux Security Advisory 201412-25 - A NULL pointer dereference in QtGui could lead to Denial of Service. Versions less than 4.8.5-r2 are affected.
f3331c113b3195c4dba26da45b519d555e2bbe7998ee44af37b00daed3173300
Gentoo Linux Security Advisory 201412-24 - Multiple vulnerabilities have been found in OpenJPEG, the worst of which may result in execution of arbitrary code. Versions less than 1.5.2 are affected.
531681315b14c47a296cf90977437260a5af44c945ec181131516eb33de45f88
Gentoo Linux Security Advisory 201412-23 - Multiple vulnerabilities have been found in Nagios, the worst of which may allow remote code execution. Versions less than 3.5.1 are affected.
a782c7e79db993504cb1a30fa333d074610dec108ee4a2d4bfd82116d9c93da3
Gentoo Linux Security Advisory 201412-22 - Multiple vulnerabilities have been found in Django, the worst of which may lead to Denial of Service. Versions less than 1.6.7 are affected.
f7c853cbb69afa4284b4d978bb8f2dc5df475833df9c29ae53b639476cb70428
Gentoo Linux Security Advisory 201412-21 - Two vulnerabilities have been found in mod_wsgi, the worst of which could result in local privilege escalation. Versions less than 3.5 are affected.
394d64c03be297c9d4fcd2bc756057ad42ac5a830bf9618bb9c6e04176f1965d
Gentoo Linux Security Advisory 201412-20 - A vulnerability in GNUstep Base library could lead to Denial of Service. Versions less than 1.24.6-r1 are affected.
58b53c4fef4e3dc528c883409bc826ecdca9d9030badf64bb1a77f4957aa0d57
Gentoo Linux Security Advisory 201412-19 - An integer overflow in PPP might allow local attackers to obtain sensitive information. Versions less than 2.4.7 are affected.
00f3972057ce9cbd8ec2d55752bb839c01a61afac4c677093d3e6e8338a5caae
Gentoo Linux Security Advisory 201412-18 - An integer overflow in FreeRDP could result in execution of arbitrary code or Denial of Service. Versions less than 1.1.0_beta1_p20130710-r1 greater than or equal to are affected.
04fd461f4f6424d13513779dfce248021c6c56912566970be1544e3255f2ca57
Debian Linux Security Advisory 3103-1 - Jonathan Gray and Stanislaw Pitucha found an assertion failure in the way wrapped strings are parsed in LibYAML, a fast YAML 1.1 parser and emitter library. An attacker able to load specially crafted YAML input into an application using libyaml could cause the application to crash.
a1ddf6c50b16ffa24a96002cafff871f602e1595d5aafacc8d319fc27d8cbab0
Debian Linux Security Advisory 3102-1 - Jonathan Gray and Stanislaw Pitucha found an assertion failure in the way wrapped strings are parsed in LibYAML, a fast YAML 1.1 parser and emitter library. An attacker able to load specially crafted YAML input into an application using libyaml could cause the application to crash.
c1980d775778424421c5584e68774bb782a7e149bd23a685210320f6c9af1dde
Mandriva Linux Security Advisory 2014-238 - By making use of maliciously-constructed zones or a rogue server, an attacker can exploit an oversight in the code BIND 9 uses to follow delegations in the Domain Name Service, causing BIND to issue unlimited queries in an attempt to follow the delegation. This can lead to resource exhaustion and denial of service.
364612ecdde69424cfdbb1508aea34aebe69c539fdb8ce4505af27a85795d201
Debian Linux Security Advisory 3101-1 - Several vulnerabilities were found in c-icap, an ICAP server implementation, which could allow a remote attacker to cause c-icap to crash, or have other, unspecified impacts.
85bbeb9471cbe0c3bd7e45d7b7dd2f5ec366beebdcf42d2b15b2c23214f45472
Debian Linux Security Advisory 3100-1 - mangling allows an article editor to inject code into API consumers that deserialize PHP representations of the page from the API.
938a5a4768207167fbdbfff21bd74ec290cdf1ac4c38e0a1d24f04d2de4715f2
This bulletin summary lists one bulletin that has undergone a major revision increment for December, 2014.
10f297ef1c2d5cdcff4b9051acd3dab402f0f4dc2931074932d16cef502726d8
A potential vulnerability in RSA Authentication Manager 8.0 and RSA Authentication Manager 8.1 may allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks.
c94e4103d1b1f6c1f48e2083bc20a14a126ed6661565ecc81889a562ba568adb
RSA Archer GRC Platform version 5.x suffers from cross site scripting and various other Oracle JRE 7 vulnerabilities.
6b4a2792bb657ccb72440c6bd80139f9a70eac83846efd16aae3847693ce4c1c