Debian Linux Security Advisory 3252-2 - Michal Zalewski discovered that SQLite3, an implementation of an SQL database engine, did not properly handle precision and width values during floating-point conversions, leading to an integer overflow and a stack-based buffer overflow. This could allow remote attackers to cause a denial of service (crash) or possibly have unspecified other impact.
7a0685c71c1b4c39a53b4d0bcb788d4af7b3ae6a988220dc6050e5abb4394346
Debian Linux Security Advisory 3288-1 - Several security issues have been corrected in multiple demuxers and decoders of the libav multimedia library.
ea87615a3b06e77b337b2df1801d61b7c7d493f9c469f7515848dffd6e1847c4
Debian Linux Security Advisory 3287-1 - Multiple vulnerabilities were discovered in OpenSSL, a Secure Sockets Layer toolkit.
8973598b9eab155137f8a27dab1743defaf1d92670002f5b25f202a1b6fea269
Debian Linux Security Advisory 3286-1 - Multiple security issues have been found in the Xen virtualisation solution.
df4617fff922fb14aa9bb8c070aeda54fe27f17dd3749d173e00aec0f1557304
Debian Linux Security Advisory 3285-1 - Several vulnerabilities were discovered in qemu-kvm, a full virtualization solution on x86 hardware.
e33433c17499dd79c1bb1dae8bdae24e5514dc76b4688c07b38375f0c1b0cb3d
My Wifi Router version 1.0 suffers from a buffer overflow vulnerability.
e82c965f3dcb1eeb55f2121093aeda9d8103007349472a43cb457e3c6d220f49
FreeBSD Security Advisory - A vulnerability in the TLS protocol would allow a man-in-the-middle attacker to downgrade vulnerable TLS connections using ephemeral Diffie-Hellman key exchange to 512-bit export-grade cryptography. This vulnerability is also known as Logjam. When processing an ECParameters structure OpenSSL enters an infinite loop if the curve specified is over a specially malformed binary polynomial field. When verifying a signedData message the CMS code can enter an infinite loop if presented with an unknown hash function OID. Various other issues have also been addressed.
0f31d8be8e851db5b69fa3df18252499edec9d5d973028af8019e2d1dedd741b
Slackware Security Advisory - New openssl packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, and -current to fix security issues.
2962493df3bab04e6da05c5a3ab7712dc75bd67fbb5d58875167e328474e2492
Slackware Security Advisory - New php packages are available for Slackware 14.0, 14.1, and -current to fix security issues.
d46bff1ad8715f8db73bf3d6deb2ea0641bf605d7e81b4b90da0ea972c16a264
SAP has released the monthly critical patch update for June 2015. This patch update closes buffer overflow, remote SQL injection, XML eXternal Entity, and hardcoded credentials vulnerabilities.
19387f24cc2e3fc9d5721e3adda4e660354e12481fa568f2e559c14584e13347
Subversion's mod_dav_svn server allows setting arbitrary svn:author property values when committing new revisions. This can be accomplished using a specially crafted sequence of requests. An evil-doer can fake svn:author values on his commits. However, as authorization rules are applied to the evil-doer's true username, forged svn:author values can only happen on commits that touch the paths the evil-doer has write access to.
cab2132d107a1c63a748c32bd67d39e8e9ba004dc0bf449d158f9ba52375ff85
Cisco Security Advisory - A vulnerability in the IP version 6 (IPv6) processing code of Cisco IOS XR Software for Cisco CRS-3 Carrier Routing System could allow an unauthenticated, remote attacker to trigger an ASIC scan of the Network Processor Unit (NPU) and a reload of the line card processing an IPv6 packet. The vulnerability is due to incorrect processing of an IPv6 packet carrying IPv6 extension headers that are valid but unlikely to be seen during normal operation. An attacker could exploit this vulnerability by sending such an IPv6 packet to an affected device that is configured to process IPv6 traffic. An exploit could allow the attacker to cause a reload of the line card, resulting in a DoS condition. Cisco has released free software updates that address this vulnerability. There is no workaround that mitigates this vulnerability.
e56b00b94f7935d03ca8b85ffb3a47abd5d4c85aedc4c8a4a169c488060e8544
Red Hat Security Advisory 2015-1092-01 - Red Hat Ceph Storage is a massively scalable, open, software-defined storage platform that combines the most stable version of Ceph with a Ceph management platform, deployment tools, and support services. It was discovered that ceph-deploy, a utility for deploying Red Hat Ceph Storage, would create the keyring file with world readable permissions, which could possibly allow a local user to obtain authentication credentials from the keyring file. All ceph-deploy users are advised to upgrade to this updated package, which contains backported patches to correct these issues.
903625fd512cb723eded71f869c02f523d709e43cb5dc7fa87241a43a4b04864
HP Security Bulletin HPSBUX03337 SSRT102066 1 - Potential security vulnerabilities have been identified with the HP-UX Apache Web Server Suite, Tomcat Servlet Engine, and PHP. These could be exploited remotely to create a Denial of Service (DoS) and other vulnerabilities. Revision 1 of this advisory.
754fae670041f7a697aa8004120dac15eb6d07f2889f1104112f7ee98c3f9f82
Red Hat Security Advisory 2015-1090-01 - The wpa_supplicant package contains an 802.1X Supplicant with support for WEP, WPA, WPA2, and various EAP authentication methods. It implements key negotiation with a WPA Authenticator for client stations and controls the roaming and IEEE 802.11 authentication and association of the WLAN driver. A buffer overflow flaw was found in the way wpa_supplicant handled SSID information in the Wi-Fi Direct / P2P management frames. A specially crafted frame could allow an attacker within Wi-Fi radio range to cause wpa_supplicant to crash or, possibly, execute arbitrary code.
d9913a62cd26b15012bcd78bd7985bcd44d8cd4b0c2018608202c6371cd70b5d
Red Hat Security Advisory 2015-1091-01 - IBM Java SE version 6 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update corrects several security vulnerabilities in the IBM Java Runtime Environment shipped as part of Red Hat Satellite 5. In a typical operating environment, these are of low security risk as the runtime is not used on untrusted applets.
1f1c757b8532c2f6bdc5d7166473142c3d7d84cdac3f133218257a51f3cfdf32
Ubuntu Security Notice 2639-1 - Praveen Kariyanahalli, Ivan Fratric and Felix Groebert discovered that OpenSSL incorrectly handled memory when buffering DTLS data. A remote attacker could use this issue to cause OpenSSL to crash, resulting in a denial of service, or possibly execute arbitrary code. Joseph Barr-Pixton discovered that OpenSSL incorrectly handled malformed ECParameters structures. A remote attacker could use this issue to cause OpenSSL to hang, resulting in a denial of service. Various other issues were also addressed.
87ad9ec34f5dbae6e3c6015b65bc10b48a02bfcae5965f3f1a193df6f7b60390
6kbbs versions 7.1 and 8.0 suffer from a weak cryptography implementation due to using md5.
f72d5ca7257f869a0b76e6d21a64764d4f385da0dad7dbb750adbb00afb4ed4f
OpenSSL Security Advisory 20150611 - When processing an ECParameters structure OpenSSL enters an infinite loop if the curve specified is over a specially malformed binary polynomial field. Other issues were also addressed.
e259b40e3a90a46bb96aac9b7b13501d043b19e0a29743d79533debfb1a522c2
Red Hat Security Advisory 2015-1086-01 - The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. This update fixes multiple vulnerabilities in Adobe Flash Player. These vulnerabilities are detailed in the Adobe Security Bulletin APSB15-11 listed in the References section. Multiple flaws were found in the way flash-plugin displayed certain SWF content. An attacker could use these flaws to create a specially crafted SWF file that would cause flash-plugin to crash or, potentially, execute arbitrary code when the victim loaded a page containing the malicious SWF content.
db83beac5fe93d8aefca50eb522e34464a8b354f0e56501cf40abcb40932e378
Ubuntu Security Notice 2630-1 - Matt Tait discovered that QEMU incorrectly handled the virtual PCNET driver. A malicious guest could use this issue to cause a denial of service, or possibly execute arbitrary code on the host as the user running the QEMU process. In the default installation, when QEMU is used with libvirt, attackers would be isolated by the libvirt AppArmor profile. Kurt Seifried discovered that QEMU incorrectly handled certain temporary files. A local attacker could use this issue to cause a denial of service. Various other issues were also addressed.
0cf8d12b43821d761977856e4b4c7a6239ab8e88288255906bfafed04c494023
Ubuntu Security Notice 2638-1 - Xiong Zhou discovered a bug in the way the EXT4 filesystem handles fallocate zero range functionality when the page size is greater than the block size. A local attacker could exploit this flaw to cause a denial of service (system crash). Wen Xu discovered a use-after-free flaw in the Linux kernel's ipv4 ping support. A local user could exploit this flaw to cause a denial of service (system crash) or gain administrative privileges on the system. Various other issues were also addressed.
6942662bbc2cf4e39a28196fa2be2e88a0c52615e70e44cc00752fd789290733
Ubuntu Security Notice 2633-1 - Wen Xu discovered a use-after-free flaw in the Linux kernel's ipv4 ping support. A local user could exploit this flaw to cause a denial of service (system crash) or gain administrative privileges on the system. A memory corruption flaw was discovered in the Linux kernel's scsi subsystem. A local attacker could potentially exploit this flaw to cause a denial of service (system crash). Various other issues were also addressed.
94a979aa18d5d19f77e0fd9139085db8fede248b5ca99633d3dd5e43fb0d843c
Ubuntu Security Notice 2637-1 - Xiong Zhou discovered a bug in the way the EXT4 filesystem handles fallocate zero range functionality when the page size is greater than the block size. A local attacker could exploit this flaw to cause a denial of service (system crash). Wen Xu discovered a use-after-free flaw in the Linux kernel's ipv4 ping support. A local user could exploit this flaw to cause a denial of service (system crash) or gain administrative privileges on the system. Various other issues were also addressed.
4e1e1f887e80da6543fabb8678249142a514c1579b76e665fb11950144e98f67
Ubuntu Security Notice 2635-1 - Xiong Zhou discovered a bug in the way the EXT4 filesystem handles fallocate zero range functionality when the page size is greater than the block size. A local attacker could exploit this flaw to cause a denial of service (system crash). Wen Xu discovered a use-after-free flaw in the Linux kernel's ipv4 ping support. A local user could exploit this flaw to cause a denial of service (system crash) or gain administrative privileges on the system. Various other issues were also addressed.
8eb3f8978ff14d623d6e1288082230f137fbcf13c00e7e4162587e2623df9b8f