Mandriva Linux Security Advisory 2014-249 - During migration, the values read from migration stream during ram load are not validated. Especially offset in host_from_stream_offset() and also the length of the writes in the callers of the said function. A user able to alter the savevm data (either on the disk or over the wire during migration) could use either of these flaws to corrupt QEMU process memory on the host, which could potentially result in arbitrary code execution on the host with the privileges of the QEMU process. Paolo Bonzini of Red Hat discovered that the blit region checks were insufficient in the Cirrus VGA emulator in qemu. A privileged guest user could use this flaw to write into qemu address space on the host, potentially escalating their privileges to those of the qemu host process.
adf1d3e7d2fd271696062fca8f954a2af9753513a585d7bb64bd9f7fcc5d0f55Mandriva Linux Security Advisory 2014-248 - Format string vulnerability in the yyerror function in lib/cgraph/scan.l in Graphviz allows remote attackers to have unspecified impact via format string specifiers in unknown vector, which are not properly handled in an error string.
87aabea0b65c9aaa124ec95d557113deb52f6d9692681c574a524366affbe9f4Mandriva Linux Security Advisory 2014-247 - Josh Duart of the Google Security Team discovered heap-based buffer overflow flaws in JasPer, which could lead to denial of service or the execution of arbitrary code.
5d23fe2eeb175480a6aff36ada4175a952b2290341274472507d97c8f7cefaceGentoo Linux Security Advisory 201412-12 - Multiple vulnerabilities have been found in D-Bus, possibly resulting in local Denial of Service. Versions less than 1.8.10 are affected.
ace5ab63b7a75f393ac56d393383f548a8b397f417ed2529a932894237c3b60fMandriva Linux Security Advisory 2014-246 - Dragana Damjanovic discovered that OpenVPN incorrectly handled certain control channel packets. An authenticated attacker could use this issue to cause an OpenVPN server to crash, resulting in a denial of service. The openvpn packages has been updated to the 2.3.2 version and patched to correct this issue.
d68c5a0989fe540e597168036b2e3568179f1806f12dde0333bf499275742a10Gentoo Linux Security Advisory 201412-29 - Multiple vulnerabilities have been found in Apache Tomcat, the worst of which may result in Denial of Service. Versions less than 7.0.56 are affected.
812d31eb8958cb4cc614f89b209201bd059c54668a58d0182c6f4a98085d268eGentoo Linux Security Advisory 201412-28 - Multiple vulnerabilities were found in Ruby on Rails, the worst of which allowing for execution of arbitrary code. Versions less than 2.3.18 are affected.
76dc0b7e4c9e8b791f80a766fcc8ca7f6bcd6698fbd68637fd46c0e03c25cb62Gentoo Linux Security Advisory 201412-27 - Multiple vulnerabilities have been found in Ruby, allowing context-dependent attackers to cause a Denial of Service condition. Versions less than 2.0.0_p598 are affected.
54e66264d3d6d38c3086840b65a1d59298b94700ea2d898a1673e706acdba6e8Gentoo Linux Security Advisory 201412-26 - Two vulnerabilities have been found in strongSwan, possibly resulting in Denial of Service or a bypass in authentication restrictions. Versions less than 5.1.3 are affected.
cf8ea4abe1849887380c2cbfae888ca2592c5ba5fc2cf8d872e3abbee8919829Gentoo Linux Security Advisory 201412-25 - A NULL pointer dereference in QtGui could lead to Denial of Service. Versions less than 4.8.5-r2 are affected.
f3331c113b3195c4dba26da45b519d555e2bbe7998ee44af37b00daed3173300Gentoo Linux Security Advisory 201412-24 - Multiple vulnerabilities have been found in OpenJPEG, the worst of which may result in execution of arbitrary code. Versions less than 1.5.2 are affected.
531681315b14c47a296cf90977437260a5af44c945ec181131516eb33de45f88Gentoo Linux Security Advisory 201412-23 - Multiple vulnerabilities have been found in Nagios, the worst of which may allow remote code execution. Versions less than 3.5.1 are affected.
a782c7e79db993504cb1a30fa333d074610dec108ee4a2d4bfd82116d9c93da3Gentoo Linux Security Advisory 201412-22 - Multiple vulnerabilities have been found in Django, the worst of which may lead to Denial of Service. Versions less than 1.6.7 are affected.
f7c853cbb69afa4284b4d978bb8f2dc5df475833df9c29ae53b639476cb70428Gentoo Linux Security Advisory 201412-21 - Two vulnerabilities have been found in mod_wsgi, the worst of which could result in local privilege escalation. Versions less than 3.5 are affected.
394d64c03be297c9d4fcd2bc756057ad42ac5a830bf9618bb9c6e04176f1965dGentoo Linux Security Advisory 201412-20 - A vulnerability in GNUstep Base library could lead to Denial of Service. Versions less than 1.24.6-r1 are affected.
58b53c4fef4e3dc528c883409bc826ecdca9d9030badf64bb1a77f4957aa0d57Gentoo Linux Security Advisory 201412-19 - An integer overflow in PPP might allow local attackers to obtain sensitive information. Versions less than 2.4.7 are affected.
00f3972057ce9cbd8ec2d55752bb839c01a61afac4c677093d3e6e8338a5caaeGentoo Linux Security Advisory 201412-18 - An integer overflow in FreeRDP could result in execution of arbitrary code or Denial of Service. Versions less than 1.1.0_beta1_p20130710-r1 greater than or equal to are affected.
04fd461f4f6424d13513779dfce248021c6c56912566970be1544e3255f2ca57Debian Linux Security Advisory 3103-1 - Jonathan Gray and Stanislaw Pitucha found an assertion failure in the way wrapped strings are parsed in LibYAML, a fast YAML 1.1 parser and emitter library. An attacker able to load specially crafted YAML input into an application using libyaml could cause the application to crash.
a1ddf6c50b16ffa24a96002cafff871f602e1595d5aafacc8d319fc27d8cbab0Debian Linux Security Advisory 3102-1 - Jonathan Gray and Stanislaw Pitucha found an assertion failure in the way wrapped strings are parsed in LibYAML, a fast YAML 1.1 parser and emitter library. An attacker able to load specially crafted YAML input into an application using libyaml could cause the application to crash.
c1980d775778424421c5584e68774bb782a7e149bd23a685210320f6c9af1ddeMandriva Linux Security Advisory 2014-238 - By making use of maliciously-constructed zones or a rogue server, an attacker can exploit an oversight in the code BIND 9 uses to follow delegations in the Domain Name Service, causing BIND to issue unlimited queries in an attempt to follow the delegation. This can lead to resource exhaustion and denial of service.
364612ecdde69424cfdbb1508aea34aebe69c539fdb8ce4505af27a85795d201Debian Linux Security Advisory 3101-1 - Several vulnerabilities were found in c-icap, an ICAP server implementation, which could allow a remote attacker to cause c-icap to crash, or have other, unspecified impacts.
85bbeb9471cbe0c3bd7e45d7b7dd2f5ec366beebdcf42d2b15b2c23214f45472Debian Linux Security Advisory 3100-1 - mangling allows an article editor to inject code into API consumers that deserialize PHP representations of the page from the API.
938a5a4768207167fbdbfff21bd74ec290cdf1ac4c38e0a1d24f04d2de4715f2This bulletin summary lists one bulletin that has undergone a major revision increment for December, 2014.
10f297ef1c2d5cdcff4b9051acd3dab402f0f4dc2931074932d16cef502726d8A potential vulnerability in RSA Authentication Manager 8.0 and RSA Authentication Manager 8.1 may allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks.
c94e4103d1b1f6c1f48e2083bc20a14a126ed6661565ecc81889a562ba568adbRSA Archer GRC Platform version 5.x suffers from cross site scripting and various other Oracle JRE 7 vulnerabilities.
6b4a2792bb657ccb72440c6bd80139f9a70eac83846efd16aae3847693ce4c1c
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed