
Files

Ubuntu Security Notice USN-2478-1
Posted Jan 19, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2478-1 - It was discovered that libssh incorrectly handled certain kexinit packets. A remote attacker could possibly use this issue to cause libssh to crash, resulting in a denial of service.

tags | advisory, remote, denial of service
systems | linux, ubuntu
advisories | CVE-2014-8132
SHA-256 | f9290ec437e7f5a67f27daca640706d51091fd5c4eafb244f218826c3647f564
Debian Security Advisory 3131-1
Posted Jan 19, 2015
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3131-1 - John Houwer discovered a way to cause xdg-open, a tool that automatically opens URLs in a user's preferred application, to execute arbitrary commands remotely.

tags | advisory, arbitrary
systems | linux, debian
advisories | CVE-2014-9622
SHA-256 | 0bc385c6b6e3000bee1436fe2d211ac62230a51377f11c33c6cbd35e2274fcb3
Slackware Security Advisory - seamonkey Updates
Posted Jan 19, 2015
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New seamonkey packages are available for Slackware 14.0, 14.1, and -current to fix security issues.

tags | advisory
systems | linux, slackware
SHA-256 | 067a114bb8ced0dd271c61469499f8f851111638ac7c9d87cd038adbf54dc84f
Slackware Security Advisory - mozilla-firefox Updates
Posted Jan 19, 2015
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New mozilla-firefox packages are available for Slackware 14.1 and -current to fix security issues.

tags | advisory
systems | linux, slackware
SHA-256 | 793edf9f3510d23b394c0352ece1b2a30c6ff3f3a6a422527dcad76b3e5a363b
Slackware Security Advisory - freetype Updates
Posted Jan 19, 2015
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New freetype packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, and -current to fix a security issue.

tags | advisory
systems | linux, slackware
advisories | CVE-2014-2240
SHA-256 | f32f37069f9b22d92472ceeef8c056b5606a6f784a3aa07efad50b8ba7a8e811
Slackware Security Advisory - mozilla-thunderbird Updates
Posted Jan 19, 2015
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New mozilla-thunderbird packages are available for Slackware 14.1 and -current to fix security issues.

tags | advisory
systems | linux, slackware
SHA-256 | b2f2acd2b7e866601246d15ce7f2a23f36629f8bc37842eebedcd936e1e51d16
McAfee Advanced Threat Defense Sandbox Fingerprinting / Bypass
Posted Jan 17, 2015
Authored by David Coomber

McAfee Advanced Threat Defense suffers from sandbox fingerprinting and bypass vulnerabilities.

tags | advisory, vulnerability, bypass
SHA-256 | 2624fb2773fbb3eb3d8992461ab80c9bd568b23d1658a54e5724fd69b9e9c767
Kiwix Cross Site Scripting
Posted Jan 17, 2015
Authored by Emmanuel Engelhart

The kiwix-serve binary suffered from a cross site scripting vulnerability.

tags | advisory, xss
advisories | CVE-2015-1032
SHA-256 | 1755734888d70a6f3de86bd391cf903f80302dea3cc61d65b03260edcc5efa81
VLC Player 2.1.5 Write Access / DEP Access Violation
Posted Jan 17, 2015
Authored by Veysel HATAS

VLC Player version 2.1.5 suffers from DEP and write access violations.

tags | advisory
advisories | CVE-2014-9597, CVE-2014-9598
SHA-256 | f3414418ba8c1a4001993c71b51260343c37f9c838648c90a42c34bf7214f54c
Mandriva Linux Security Advisory 2015-027
Posted Jan 16, 2015
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2015-027 - Multiple vulnerabilities have been found and corrected in the Linux kernel. The SCTP implementation in the Linux kernel before 3.17.4 allows remote attackers to cause a denial of service by triggering a large number of chunks in an association's output queue, as demonstrated by ASCONF probes, related to net/sctp/inqueue.c and net/sctp/sm_statefuns.c. Various other issues have also been addressed. The updated packages provide a solution for these security issues.

tags | advisory, remote, denial of service, kernel, vulnerability
systems | linux, mandriva
advisories | CVE-2014-3688, CVE-2014-6416, CVE-2014-6417, CVE-2014-6418, CVE-2014-7841, CVE-2014-7842, CVE-2014-8133, CVE-2014-8884, CVE-2014-9090, CVE-2014-9322, CVE-2014-9419, CVE-2014-9420, CVE-2014-9529, CVE-2014-9584, CVE-2014-9585
SHA-256 | 8db2a8779b1b5045f0e914377584f2e707328f0f91ef09e5a26429ff9fa5d67c
Debian Security Advisory 3129-1
Posted Jan 16, 2015
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3129-1 - Two vulnerabilities have been discovered in the RPM package manager.

tags | advisory, vulnerability
systems | linux, debian
advisories | CVE-2013-6435, CVE-2014-8118
SHA-256 | 77424e485f26ee7c5f94bde26c163e06105007157e64c8ced2bb3db148881a5d
Mandriva Linux Security Advisory 2015-025
Posted Jan 16, 2015
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2015-025 - A buffer overflow was reported in mpfr. This is due to incorrect GMP documentation for mpn_set_str about the size of a buffer.

tags | advisory, overflow
systems | linux, mandriva
advisories | CVE-2014-9474
SHA-256 | faf385a85cf1c88fa556f099c4b6a266ec941d0921e50ed80518b9a698ee0475
Mandriva Linux Security Advisory 2015-026
Posted Jan 16, 2015
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2015-026 - Updated unrtf package fixes various crashes.

tags | advisory
systems | linux, mandriva
advisories | CVE-2014-9275
SHA-256 | 4b2027d0c7d4d18148bf835d25987f1f3c2805aec5220887d7ac959db9db143e
Mandriva Linux Security Advisory 2015-024
Posted Jan 16, 2015
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2015-024 - libsndfile contains multiple buffer-overflow vulnerabilities in src/sd2.c because it fails to properly bounds-check user supplied input, which may allow an attacker to execute arbitrary code or cause a denial of service. libsndfile contains a divide-by-zero error in src/file_io.c which may allow an attacker to cause a denial of service.

tags | advisory, denial of service, overflow, arbitrary, vulnerability
systems | linux, mandriva
advisories | CVE-2014-9496
SHA-256 | 11b200e14f9debb834664d4152a9875616368d0736a52a6a9b0911f2bffe6505
Mandriva Linux Security Advisory 2015-023
Posted Jan 16, 2015
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2015-023 - The qemuDomainMigratePerform and qemuDomainMigrateFinish2 functions in qemu/qemu_driver.c in libvirt do not unlock the domain when an ACL check fails, which allows local users to cause a denial of service via unspecified vectors.

tags | advisory, denial of service, local
systems | linux, mandriva
advisories | CVE-2014-8136
SHA-256 | 3b9e926c5fdecb27c682d9a45247c187e91b7779b1fea3239e09cab6ad24c23c
Debian Security Advisory 3128-1
Posted Jan 16, 2015
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3128-1 - Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or information leaks.

tags | advisory, denial of service, kernel, vulnerability
systems | linux, debian
advisories | CVE-2013-6885, CVE-2014-8133, CVE-2014-9419, CVE-2014-9529, CVE-2014-9584
SHA-256 | 0af5ff077c785b67bdc9d4201ec4c67ff2526a3bd6be795149b48a9c19c69bf9
FreeBSD Security Advisory - OpenSSL Updates
Posted Jan 15, 2015
Site security.freebsd.org

FreeBSD Security Advisory - A carefully crafted DTLS message can cause a segmentation fault in OpenSSL due to a NULL pointer dereference. A memory leak can occur in the dtls1_buffer_record function under certain conditions. When OpenSSL is built with the no-ssl3 option and an SSL v3 ClientHello is received, the ssl method would be set to NULL, which could later result in a NULL pointer dereference. An OpenSSL client will accept a handshake using an ephemeral ECDH ciphersuite using an ECDSA certificate if the server key exchange message is omitted. An OpenSSL client will accept the use of an RSA temporary key in a non-export RSA key exchange ciphersuite. An OpenSSL server will accept a DH certificate for client authentication without the certificate verify message. OpenSSL accepts several non-DER variations of certificate signature algorithm and signature encodings. OpenSSL also does not enforce a match of the signature algorithm between the signed and unsigned portions of the certificate. Bignum squaring (BN_sqr) may produce incorrect results on some platforms, including x86_64.

tags | advisory, memory leak
systems | freebsd
advisories | CVE-2014-3569, CVE-2014-3570, CVE-2014-3571, CVE-2014-3572, CVE-2014-8275, CVE-2015-0204, CVE-2015-0205, CVE-2015-0206
SHA-256 | 6b633613b9bf20e430138bcb9a4cbb55605cef4fd325b34bf465a3f04a1b0191
Ubuntu Security Notice USN-2475-1
Posted Jan 15, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2475-1 - Clemens Fries discovered that GTK+ allowed bypassing certain screen locks by using the menu key. An attacker with physical access could possibly use this flaw to gain access to a locked session.

tags | advisory
systems | linux, ubuntu
SHA-256 | 7307eb6f6cd9ffaf0b53a580753c545ba02bc0a319357261895f012ef2f0e292
Ubuntu Security Notice USN-2474-1
Posted Jan 15, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2474-1 - Andrey Labunets discovered that curl incorrectly handled certain URLs when using a proxy server. If a user or automated system were tricked into using a specially crafted URL, an attacker could possibly use this issue to inject arbitrary HTTP requests.

tags | advisory, web, arbitrary
systems | linux, ubuntu
advisories | CVE-2014-8150
SHA-256 | 07cd54f515eb59155f0c0d0f7601e6cb2cb4ad88b9a4b53e55e6296cdbea1be9
Ubuntu Security Notice USN-2473-1
Posted Jan 15, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2473-1 - It was discovered that the distcheck rule in dist-check.mk in GNU coreutils allows local users to gain privileges via a symlink attack on a directory tree under /tmp. This issue only affected Ubuntu 10.04 LTS. Bertrand Jacquin and Fiedler Roman discovered that date and touch incorrectly handled user-supplied input. An attacker could possibly use this to cause a denial of service or potentially execute code. Various other issues were also addressed.

tags | advisory, denial of service, local
systems | linux, ubuntu
advisories | CVE-2009-4135, CVE-2014-9471
SHA-256 | 8851857d456171149f36bb09e5b7ecd20734f5800855deeff959716f71064910
Ubuntu Security Notice USN-2458-2
Posted Jan 15, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2458-2 - USN-2458-1 fixed vulnerabilities in Firefox. This update provides the corresponding version of Ubufox. Christian Holler, Patrick McManus, Christoph Diehl, Gary Kwong, Jesse Ruderman, Byron Campen, Terrence Cole, and Nils Ohlmeier discovered multiple memory safety issues in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. Various other issues were also addressed.

tags | advisory, web, denial of service, arbitrary, vulnerability, csrf
systems | linux, ubuntu
advisories | CVE-2014-8636, CVE-2014-8637, CVE-2014-8638, CVE-2014-8639, CVE-2014-8640, CVE-2014-8641, CVE-2014-8642
SHA-256 | 0e4576dca2a7548be8635513343f1ea1f367d17a4d8b974932e22faa60527fd1
Ubuntu Security Notice USN-2458-1
Posted Jan 15, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2458-1 - Christian Holler, Patrick McManus, Christoph Diehl, Gary Kwong, Jesse Ruderman, Byron Campen, Terrence Cole, and Nils Ohlmeier discovered multiple memory safety issues in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. Bobby Holley discovered that some DOM objects with certain properties can bypass XrayWrappers in some circumstances. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit this to bypass security restrictions. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2014-8634, CVE-2014-8635, CVE-2014-8636, CVE-2014-8637, CVE-2014-8638, CVE-2014-8639, CVE-2014-8640, CVE-2014-8641, CVE-2014-8642
SHA-256 | 92db72866e344fea97e1912c537fa769148bc62a174db073d8f01c65c07fe937
Ubuntu Security Notice USN-2472-1
Posted Jan 15, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2472-1 - Wolfgang Ettlinger discovered that unzip incorrectly handled certain malformed zip archives. If a user or automated system were tricked into processing a specially crafted zip archive, an attacker could possibly execute arbitrary code.

tags | advisory, arbitrary
systems | linux, ubuntu
advisories | CVE-2014-8139, CVE-2014-8140, CVE-2014-8141
SHA-256 | 96af76586c7eb74cac5329190917c1ca0395474a94546844ff04517a84a4601d
Ubuntu Security Notice USN-2471-1
Posted Jan 15, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2471-1 - Wolfgang Ettlinger discovered that GParted incorrectly filtered shell metacharacters when running external commands. A local attacker could use this issue with a crafted filesystem label to run arbitrary commands as the administrator.

tags | advisory, arbitrary, shell, local
systems | linux, ubuntu
advisories | CVE-2014-7208
SHA-256 | 265b8fe19c33d5739aed4b6c46c34c0f10d7a0cdf4e819c089dbec08f2592594
Red Hat Security Advisory 2015-0028-01
Posted Jan 15, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-0028-01 - Red Hat CloudForms Management Engine delivers the insight, control, and automation needed to address the challenges of managing virtual environments. CloudForms Management Engine is built on Ruby on Rails, a model-view-controller framework for web application development. Action Pack implements the controller and the view components. It was found that CloudForms Management Engine exposed SQL filters via the REST API without any input escaping. An authenticated user could use this flaw to perform SQL injection attacks against the CloudForms Management Engine database.

tags | advisory, web, sql injection, ruby
systems | linux, redhat
advisories | CVE-2014-3692, CVE-2014-7814
SHA-256 | 8a56d3fa80b7922b97a12c02b14567a25741582063179eb604ec9b68d183c0f7
© 2022 Packet Storm. All rights reserved.