Debian Linux Security Advisory 3529-1 - Multiple vulnerabilities have been found in Redmine, a project management web application, which may result in information disclosure.
3c4bd36e3f4f56c4d2db7e9d3f4f6240302caccb9ba58ac01e47ebbb76aee5b6Debian Linux Security Advisory 3528-1 - Stefan Sperling discovered that pidgin-otr, a Pidgin plugin implementing Off-The-Record messaging, contained a use-after-free bug. This could be used by a malicious remote user to intentionally crash the application, thus causing a denial-of-service.
91076704061523e8bd8949e259aa2c51fc44e8643687d0d0a6c85c950b421c2cCisco Security Advisory - A vulnerability in the Wide Area Application Services (WAAS) Express feature of Cisco IOS Software could allow an unauthenticated, remote attacker to cause an affected device to reload. The vulnerability is due to insufficient validation of TCP segments. An attacker could exploit this vulnerability by routing a crafted TCP segment through an affected device. A successful exploit could allow the attacker to cause the affected device to reload, causing a denial of service (DoS) condition. To exploit this vulnerability, the attacker needs to route a crafted TCP segment through an egress interface of a device because the vulnerable function is an output feature of the software. In addition, the WAAS Express feature must be enabled on the interface, typically a WAN interface. In most deployments, this means crafted traffic must be initiated from within a device to exploit the vulnerability. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
8c9151ca025717f5aea4d7b8e3bc65979100a2c12ccc7b8bf41bf75ee4e096d7Cisco Security Advisory - A vulnerability in the Locator/ID Separation Protocol (LISP) of Cisco IOS Software running on the Cisco Catalyst 6500 and 6800 Series Switches and Cisco NX-OS Software running on the Cisco Nexus 7000 and Nexus 7700 Series Switches with an M1 Series Gigabit Ethernet Module could allow an unauthenticated, remote attacker to cause a reload of the vulnerable device. The vulnerability is due to a lack of proper input validation when a malformed LISP packet header is received. An attacker could exploit this vulnerability by sending a malformed LISP packet on UDP port 4341. An exploit could allow the attacker to cause a denial of service (DoS) condition. Cisco has released software updates that address this vulnerability.
1d37c1dacd7682c9ff94e7579f5aa202f95e8e0753652ea482a401163e4f4696Cisco Security Advisory - The Smart Install client feature in Cisco IOS and IOS XE Software contains a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to incorrect handling of image list parameters. An attacker could exploit this vulnerability by sending crafted Smart Install packets to TCP port 4786. A successful exploit could cause a Cisco Catalyst switch to reload, resulting in a DoS condition. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability other than disabling Smart Install functionality on the vulnerable device.
18b930eb75967cb7ea01a0eaf7a974f21b10af07b68ca43711cc30f589a17f1cCisco Security Advisory - A vulnerability in the Internet Key Exchange (IKE) version 2 (v2) fragmentation code of Cisco IOS and IOS XE Software could allow an unauthenticated, remote attacker to cause a reload of the affected system. The vulnerability is due to an improper handling of crafted, fragmented IKEv2 packets. An attacker could exploit this vulnerability by sending crafted UDP packets to the affected system. An exploit could allow the attacker to cause a reload of the affected system. Note: Only traffic directed to the affected system can be used to exploit this vulnerability. This vulnerability can be triggered by IPv4 and IPv6 traffic.
210ad4da6ac20b8601b82dc32071c53bf698d18f5db91e2d3b3ed794abbfca80Cisco Security Advisory - A vulnerability in the Session Initiation Protocol (SIP) gateway implementation in Cisco IOS, IOS XE, and Cisco Unified Communications Manager Software could allow an unauthenticated, remote attacker to cause a memory leak and eventual reload of an affected device. The vulnerability is due to improper processing of malformed SIP messages. An attacker could exploit this vulnerability by sending malformed SIP messages to be processed by an affected device. An exploit could allow the attacker to cause a memory leak and eventual reload of the affected device. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability other than disabling SIP on the vulnerable device.
82f7616aeeffff2c3526a5e32f3ec5032d0965215fa1730a4b03b1956abd77b3Cisco Security Advisory - A vulnerability in the DHCP version 6 (DHCPv6) relay feature of Cisco IOS and IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload. The vulnerability is due to insufficient validation of DHCPv6 relay messages. An attacker could exploit this vulnerability by sending a crafted DHCPv6 relay message to an affected device. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a denial of service (DoS) condition. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
4b7b9f267c20abe07e7b17e66c8b870b9a8e0b20a8cd0ef535d5c77533548d70Ubuntu Security Notice 2939-1 - It was discovered that LibTIFF incorrectly handled certain malformed images. If a user or automated system were tricked into opening a specially crafted image, a remote attacker could crash the application, leading to a denial of service, or possibly execute arbitrary code with user privileges.
31a04cc1e394b8107383398fd69a54b55358e90cbaacb507ee0a0b40e97b151aDebian Linux Security Advisory 3526-1 - It was discovered that libmatroska, an extensible open standard audio/video container format, incorrectly processed EBML lacing. By providing maliciously crafted input, an attacker could use this flaw to force some leakage of information located in the process heap memory.
e17fe6d624441bcd832b90facbdb9a9ed02233c8966a0650fe4993cb2060aeb4Red Hat Security Advisory 2016-0497-01 - Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to work on and contribute to projects without the need to have permission to push the changes to their official repositories, but also makes it possible for the user to work with no network connection. An integer truncation flaw and an integer overflow flaw, both leading to a heap-based buffer overflow, were found in the way Git processed certain path information. A remote attacker could create a specially crafted Git repository that would cause a Git client or server to crash or, possibly, execute arbitrary code.
212fda6729a6768d6f7ad3d832d6f9ef4276e13fe9fc71f9ae59f9653f50af59Red Hat Security Advisory 2016-0496-01 - Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to work on and contribute to projects without the need to have permission to push the changes to their official repositories, but also makes it possible for the user to work with no network connection. An integer truncation flaw and an integer overflow flaw, both leading to a heap-based buffer overflow, were found in the way Git processed certain path information. A remote attacker could create a specially crafted Git repository that would cause a Git client or server to crash or, possibly, execute arbitrary code.
33481f9b2e323032036bbac27addbdbb7aca8f0d60afb5adf509af12b34245ccRed Hat Security Advisory 2016-0494-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. It was found that the fix for CVE-2015-1805 incorrectly kept buffer offset and buffer length in sync on a failed atomic read, potentially resulting in a pipe buffer state corruption. A local, unprivileged user could use this flaw to crash the system or leak kernel memory to user space. The security impact of this issue was discovered by Red Hat.
80c54b65ae506f1bd02a2a902ef6537ba749f2d08c2885f9ed60f7d6ef16502fRed Hat Security Advisory 2016-0493-01 - Kerberos is a networked authentication system which allows clients and servers to authenticate to each other with the help of a trusted third party, the Kerberos KDC. A memory leak flaw was found in the krb5_unparse_name() function of the MIT Kerberos kadmind service. An authenticated attacker could repeatedly send specially crafted requests to the server, which could cause the server to consume large amounts of memory resources, ultimately leading to a denial of service due to memory exhaustion. An out-of-bounds read flaw was found in the kadmind service of MIT Kerberos. An authenticated attacker could send a maliciously crafted message to force kadmind to read beyond the end of allocated memory, and write the memory contents to the KDC database if the attacker has write permission, leading to information disclosure.
0e26967fe71da50ea746ca56ebbcbd9d8e567b9479d3f724ddadcfc1a14f7e01Red Hat Security Advisory 2016-0492-01 - Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages technologies. It was found that the expression language resolver evaluated expressions within a privileged code section. A malicious web application could use this flaw to bypass security manager protections. Previously, using a New I/O connector in the Apache Tomcat 6 servlet resulted in a large memory leak. An upstream patch has been applied to fix this bug, and the memory leak no longer occurs.
986c615e343a02a31239053dbcc2ca4ace64881603b3079b68d4cc77891cc485Red Hat Security Advisory 2016-0491-01 - Foomatic is a comprehensive, spooler-independent database of printers, printer drivers, and driver descriptions. The package also includes spooler-independent command line interfaces to manipulate queues and to print files and manipulate print jobs. It was discovered that the unhtmlify() function of foomatic-rip did not correctly calculate buffer sizes, possibly leading to a heap-based memory corruption. A malicious attacker could exploit this flaw to cause foomatic-rip to crash or, possibly, execute arbitrary code.
1c8dbb1c6105619a657be78d0cb2ea781f9214a1e2082f02d87b336503f8acc9Debian Linux Security Advisory 3525-1 - Vincent LE GARREC discovered an integer overflow in pixman, a pixel-manipulation library for X and cairo. A remote attacker can exploit this flaw to cause an application using the pixman library to crash, or potentially, to execute arbitrary code with the privileges of the user running the application.
fba720c0d3e90f68190018adddc68de92e676476b3b8967b4271fbe9e372278bRed Hat Security Advisory 2016-0489-01 - OpenShift Enterprise by Red Hat is the company's cloud computing Platform-as-a-Service solution designed for on-premise or private cloud deployments. The following security issue is addressed with this release: It was found that ActiveMQ did not safely handle user supplied data when deserializing objects. A remote attacker could use this flaw to execute arbitrary code with the permissions of the ActiveMQ application.
c167e3d8f6f600ab83c359b1f2e0d619cadb47f08e42a17fb9a8a88b9b2d5e66Red Hat Security Advisory 2016-0490-01 - Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. A padding oracle flaw was found in the Secure Sockets Layer version 2.0 protocol. An attacker can potentially use this flaw to decrypt RSA-encrypted cipher text from a connection using a newer SSL/TLS protocol version, allowing them to decrypt such connections. This cross-protocol attack is publicly referred to as DROWN. A denial of service flaw was found in the way OpenSSL handled SSLv2 handshake messages. A remote attacker could use this flaw to cause a TLS/SSL server using OpenSSL to exit on a failed assertion if it had both the SSLv2 protocol and EXPORT-grade cipher suites enabled.
5acd2c526da16235e590f280881bf7c08e3d07dd82e68161ed9d958c6754780eComodo Antivirus includes a full x86 emulator that is used to unpack executables that are being scanned. Files read from disk or received over the network, including email, browser cache and so on can all trigger emulation. The emulator itself uses a sequence of nested lookup tables to translate opcodes to the routines that emulate them. The xmm/ymm registers are used like a union in C. For example, the registers can be treated as 4 floats, 2 doubles, 2 dwords, 8 shorts and so on - whatever is appropriate. The comodo emulator uses a union to represent these registers, and then each emulated instruction uses whichever union member matches it's function. For example, PUNPCKLBW would use regs->words, PSRLQ would use regs->qwords and so on. The code for PSUBUSB incorrectly uses the wrong union member (words instead of bytes), meaning it will clobber double the space allocated by CPU::MMX_OPCODE(). The fix for this vulnerability is to use the bytes member of the union instead.
65a2860985334c929241500c3eec6733661c6d157ba7ce5980acbe5b0395bc08Apple Security Advisory 2016-03-21-7 - OS X Server 5.1 is now available and addresses RC4 crypto weaknesses, file access, and information disclosure vulnerabilities.
3f5b87490fc0b888969c59aa3c86769bc4e48285372026935f48a72f9f313a9aApple Security Advisory 2016-03-21-6 - Safari 9.1 is now available and addresses code execution, interface spoofing, denial of service, and various other vulnerabilities.
a8eb642d04c965e996635f15999f220f4f3fa6eb33970813cc774fc9032a8db0Apple Security Advisory 2016-03-21-5 - OS X El Capitan 10.11.4 and Security Update 2016-002 is now available and addresses code execution, memory corruption, and various other vulnerabilities.
70ee7534060a15cce4887519635499ad26a30d4596bdf4d28ce6ea94b25fefadApple Security Advisory 2016-03-21-4 - Xcode 7.3 is now available and addresses multiple code execution vulnerabilities.
d45002641c3c19bee4fdec1c1a6e76827a26858fe07d85b7bd61d992c80bdafaApple Security Advisory 2016-03-21-3 - tvOS 9.2 is now available and addresses code execution, memory corruption, and various other vulnerabilities.
576bf88cd8411520d0b41a89dc0b71a608a7bbddb1b15581478a9131071d23ca
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed