
Files

Debian Security Advisory 3513-1
Posted Mar 14, 2016
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3513-1 - Several vulnerabilities have been discovered in the chromium web browser.

tags | advisory, web, vulnerability
systems | linux, debian
advisories | CVE-2016-1643, CVE-2016-1644, CVE-2016-1645
SHA-256 | 4d096388ce78b5b8cf8a52dc924b1466e2394e2dd454d6aefd068ccebba59aa6
FreeBSD Security Advisory - FreeBSD-SA-16:12.openssl
Posted Mar 14, 2016
Authored by OpenSSL Project | Site security.freebsd.org

FreeBSD Security Advisory - A cross-protocol attack was discovered that could lead to decryption of TLS sessions by using a server supporting SSLv2 and EXPORT cipher suites as a Bleichenbacher RSA padding oracle. Note that traffic between clients and non-vulnerable servers can be decrypted provided another server supporting SSLv2 and EXPORT ciphers (even with a different protocol such as SMTP, IMAP or POP3) shares the RSA keys of the non-vulnerable server. This vulnerability is known as DROWN. Various other issues were also addressed.

tags | advisory, imap, protocol
systems | freebsd, bsd
advisories | CVE-2016-0702, CVE-2016-0703, CVE-2016-0704, CVE-2016-0705
SHA-256 | 3dc25b95a3b0e894796bebc78d2c22db92393a6b8fa48106e84605e40b76a348
FreeBSD Security Advisory - FreeBSD-SA-16:13.bind
Posted Mar 14, 2016
Authored by ISC | Site security.freebsd.org

FreeBSD Security Advisory - Testing by ISC has uncovered a defect in control channel input handling which can cause named to exit due to an assertion failure in sexpr.c or alist.c when a malformed packet is sent to named's control channel (the interface which allows named to be controlled using the "rndc" server control utility). An error when parsing signature records for DNAME records having specific properties can lead to named exiting due to an assertion failure in resolver.c or db.c. A remote attacker can deliberately trigger the failed assertion if the DNS server accepts remote rndc commands, regardless of whether authentication is configured. Note that this is not enabled by default. A remote attacker who can cause a server to make a query deliberately chosen to generate a response containing such a signature record could trigger a failed assertion and cause named to stop. Disabling DNSSEC does not provide protection against this vulnerability.

tags | advisory, remote
systems | freebsd, bsd
advisories | CVE-2016-1285, CVE-2016-1286
SHA-256 | 511b0fffe4ca8e6584c5c8a182c7a5ff4bb7fa1f2086db6fc678849054b18a03
Slackware Security Advisory - mozilla-nss Updates
Posted Mar 14, 2016
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New mozilla-nss packages are available for Slackware 14.0, 14.1, and -current to fix security issues.

tags | advisory
systems | linux, slackware
SHA-256 | 1129ebf72f0694a5ccc0c3979a0215179671fa2c1136eecd0ac9695df0e28f1e
Slackware Security Advisory - bind Updates
Posted Mar 14, 2016
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New bind packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, and -current to fix security issues.

tags | advisory
systems | linux, slackware
advisories | CVE-2016-1285, CVE-2016-1286
SHA-256 | 920b54243f32323bb46c576548e2f5628a9c4e22d9d5d0472c12a727c5fa37b1
Debian Security Advisory 3512-1
Posted Mar 14, 2016
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3512-1 - Markus Vervier of X41 D-Sec GmbH discovered an integer overflow vulnerability in libotr, an off-the-record (OTR) messaging library, in the way the sizes of portions of incoming messages were stored. A remote attacker can exploit this flaw by sending crafted messages to an application that is using libotr to perform denial of service attacks (application crash), or potentially, execute arbitrary code with the privileges of the user running the application.

tags | advisory, remote, denial of service, overflow, arbitrary
systems | linux, debian
advisories | CVE-2016-2851
SHA-256 | 594fab421417edb38ff98ef311a8b0ebff4444c304515883af5077c0246f3a6b
Debian Security Advisory 3511-1
Posted Mar 14, 2016
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3511-1 - Two vulnerabilities have been discovered in ISC's BIND DNS server.

tags | advisory, vulnerability
systems | linux, debian
advisories | CVE-2016-1285, CVE-2016-1286
SHA-256 | 62b562b2ccae9b1718fb08eee7cec22d62de833cc25c2cf883b710f3badc0928
Gentoo Linux Security Advisory 201603-14
Posted Mar 14, 2016
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201603-14 - Multiple vulnerabilities have been found in IcedTea allowing remote attackers to affect confidentiality, integrity, and availability through various vectors. Versions less than 7.2.6.4 are affected.

tags | advisory, remote, vulnerability
systems | linux, gentoo
advisories | CVE-2014-6585, CVE-2014-6587, CVE-2014-6591, CVE-2014-6593, CVE-2014-6601, CVE-2015-0383, CVE-2015-0395, CVE-2015-0400, CVE-2015-0407, CVE-2015-0408, CVE-2015-0412, CVE-2015-2590, CVE-2015-2601, CVE-2015-2613, CVE-2015-2621, CVE-2015-2625, CVE-2015-2628, CVE-2015-2632, CVE-2015-4731, CVE-2015-4732, CVE-2015-4733, CVE-2015-4734, CVE-2015-4748, CVE-2015-4749, CVE-2015-4760, CVE-2015-4803, CVE-2015-4805, CVE-2015-4806
SHA-256 | 58a88b86d176970190ab489d666699fc92329ffccba973bb74bbff3ebd4ceb4e
Gentoo Linux Security Advisory 201603-13
Posted Mar 14, 2016
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201603-13 - Multiple vulnerabilities have been found in Libreswan possibly resulting in Denial of Service. Versions less than 3.15 are affected.

tags | advisory, denial of service, vulnerability
systems | linux, gentoo
advisories | CVE-2015-3204, CVE-2015-3240
SHA-256 | d12d322b3f92f1c72f1e3e2c6be162b8c1f90d96d53576bb4e0dac246308230a
Gentoo Linux Security Advisory 201603-12
Posted Mar 14, 2016
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201603-12 - Multiple vulnerabilities have been found in FlightGear and SimGear allowing remote attackers to cause Denial of Service and possibly execute arbitrary code. Versions less than 3.4.0 are affected.

tags | advisory, remote, denial of service, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2012-2090, CVE-2012-2091
SHA-256 | 30105103146a2690ebb9ae5175cd724036114d223be8067a9f4fa03288e44181
Gentoo Linux Security Advisory 201603-11
Posted Mar 14, 2016
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201603-11 - Multiple vulnerabilities have been found in Oracle's JRE and JDK software suites allowing remote attackers to remotely execute arbitrary code, obtain information, and cause Denial of Service. Versions less than 1.8.0.72 are affected.

tags | advisory, remote, denial of service, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2015-0437, CVE-2015-0458, CVE-2015-0459, CVE-2015-0460, CVE-2015-0469, CVE-2015-0470, CVE-2015-0477, CVE-2015-0478, CVE-2015-0480, CVE-2015-0484, CVE-2015-0486, CVE-2015-0488, CVE-2015-0491, CVE-2015-0492, CVE-2015-2590, CVE-2015-2601, CVE-2015-2613, CVE-2015-2619, CVE-2015-2621, CVE-2015-2625, CVE-2015-2627, CVE-2015-2628, CVE-2015-2632, CVE-2015-2637, CVE-2015-2638, CVE-2015-2659, CVE-2015-2664, CVE-2015-4000
SHA-256 | a573a776d189960b19aa0b3e4206d544fb1f18907e840bb093538b2819f3c80b
Gentoo Linux Security Advisory 201603-10
Posted Mar 14, 2016
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201603-10 - Multiple vulnerabilities have been found in QtGui allowing remote attackers to execute arbitrary code or cause Denial of Service. Versions less than 5.4.1-r1 are affected.

tags | advisory, remote, denial of service, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2015-1858, CVE-2015-1859, CVE-2015-1860
SHA-256 | 5fe5d1ac35cbed329ca4bec1f192149b55d77153f3aa9e41902d904b7cdd55cf
Apache ActiveMQ 5.13.1 Clickjacking
Posted Mar 13, 2016
Authored by Christopher Shannon

Apache ActiveMQ versions 5.13.1 and below suffer from a clickjacking vulnerability.

tags | advisory
advisories | CVE-2016-0734
SHA-256 | a7ac02496d78443ab880b6a2ea6ee8940443d1bec51c00034fef176cdf38f38d
Apache ActiveMQ 5.13.0 Cross Site Scripting
Posted Mar 13, 2016
Authored by Christopher Shannon

Apache ActiveMQ versions 5.13.0 and below suffer from a cross site scripting vulnerability.

tags | advisory, xss
advisories | CVE-2016-0782
SHA-256 | 34f3f24bff3127a31d9d602adf547e2d67725f9418e6b789e16f74c70ed95a6d
WebKitGTK+ Memory Corruption / Denial Of Service
Posted Mar 12, 2016
Authored by WebKitGTK+ Team

WebKitGTK+ versions prior to 2.10.5 suffer from memory corruption, denial of service, and various other vulnerabilities.

tags | advisory, denial of service, vulnerability
advisories | CVE-2016-1723, CVE-2016-1724, CVE-2016-1725, CVE-2016-1726, CVE-2016-1727, CVE-2016-1728
SHA-256 | 84077362a3296d3578913e4c5b4b15aa619886b4e8841d685468ce9566a84edf
Red Hat Security Advisory 2016-0438-01
Posted Mar 11, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-0438-01 - The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. This update fixes multiple vulnerabilities in Adobe Flash Player. These vulnerabilities, detailed in the Adobe Security Bulletin APSB16-08 listed in the References section, could allow an attacker to create a specially crafted SWF file that would cause flash-plugin to crash, execute arbitrary code, or disclose sensitive information when the victim loaded a page containing the malicious SWF content.

tags | advisory, web, arbitrary, vulnerability
systems | linux, redhat
advisories | CVE-2016-0960, CVE-2016-0961, CVE-2016-0962, CVE-2016-0963, CVE-2016-0986, CVE-2016-0987, CVE-2016-0988, CVE-2016-0989, CVE-2016-0990, CVE-2016-0991, CVE-2016-0992, CVE-2016-0993, CVE-2016-0994, CVE-2016-0995, CVE-2016-0996, CVE-2016-0997, CVE-2016-0998, CVE-2016-0999, CVE-2016-1000, CVE-2016-1001, CVE-2016-1002, CVE-2016-1005, CVE-2016-1010
SHA-256 | 243892d3b6c81033b8b216d1caf1cfdab86d6157849227d81580220b267c521d
Chrome GPU Process Sandbox Escape
Posted Mar 11, 2016
Authored by Google Security Research, Ian Beer

The Chrome GPU process suffers from a sandbox escape vulnerability due to the use of an invalid iterator in its IPC handler.

tags | advisory
systems | linux
advisories | CVE-2016-1642
SHA-256 | d2d9c1487cfb63d12edeb554dbcb77ba9f610f4a712c8e1c702ea55db2525c82
Microsoft Security Out-Of-Band Bulletin For March, 2016
Posted Mar 11, 2016
Site microsoft.com

This summary lists one bulletin that is added to the March, 2016 Microsoft security bulletin.

tags | advisory
SHA-256 | f6e84fabfef9ac77df5cbe4f618702fb848646670da5f23dbdebe366a2590e3c
Ubuntu Security Notice USN-2926-1
Posted Mar 11, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2926-1 - Markus Vervier discovered that OTR incorrectly handled large incoming messages. A remote attacker could use this issue to cause OTR to crash, resulting in a denial of service, or possibly execute arbitrary code.

tags | advisory, remote, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2016-2851
SHA-256 | f67b0217d1992c373207172bb28efa3fdad04ab3e16925e3431e054bc3bc43c1
Ubuntu Security Notice USN-2920-1
Posted Mar 11, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2920-1 - It was discovered that the ContainerNode::parserRemoveChild function in Blink mishandled widget updates in some circumstances. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit this to bypass same-origin restrictions. It was discovered that the PPB_Flash_MessageLoop_Impl::InternalRun function in Chromium mishandled nested message loops. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit this to bypass same-origin restrictions. Various other issues were also addressed.

tags | advisory
systems | linux, ubuntu
advisories | CVE-2016-1630, CVE-2016-1631, CVE-2016-1633, CVE-2016-1634, CVE-2016-1636, CVE-2016-1637, CVE-2016-1641, CVE-2016-1642, CVE-2016-1643, CVE-2016-1644, CVE-2016-2843, CVE-2016-2844, CVE-2016-2845
SHA-256 | 236ba0557b9d40751af735654fcef90623af994edd3294795d9bcfe621947b98
Red Hat Security Advisory 2016-0430-01
Posted Mar 11, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-0430-01 - Xerces-C is a validating XML parser written in a portable subset of C++. It was discovered that the Xerces-C XML parser did not properly process certain XML input. By providing specially crafted XML data to an application using Xerces-C for XML processing, a remote attacker could exploit this flaw to cause an application crash or, possibly, execute arbitrary code with the privileges of the application.

tags | advisory, remote, arbitrary
systems | linux, redhat
advisories | CVE-2016-0729
SHA-256 | 7190bbe0c03ec41ec385fa2a651d60b22115e280dbbfe558cbaffdaaadb0e5c3
Android BnBluetoothGattServer / BnBluetoothGatServerCallback IPC Memory Corruption
Posted Mar 11, 2016
Authored by Google Security Research, forshaw

The SEND_RESPONSE_TRANSACTION and SEND_NOTIFICATION_TRANSACTION IPC calls in BnBluetoothGattServer::onTransact are vulnerable to stack corruption which could allow an attacker to locally elevate privileges to the level of the bluetooth service.

tags | advisory
systems | linux
SHA-256 | cbc7f6f546c6a4a041cd6195c2cb666ba89578a8bc1ee57f073e4fde11ca48cb
Cisco Security Advisory 20160309-cmre
Posted Mar 10, 2016
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - A vulnerability in the web server used in the Cisco Cable Modem with Digital Voice Model DPC2203 could allow an unauthenticated, remote attacker to exploit a buffer overflow and cause arbitrary code execution. The vulnerability is due to improper input validation for HTTP requests. An attacker could exploit this vulnerability by sending a crafted HTTP request to the affected device. Cisco has released software updates to its service provider customers that address the vulnerability described in this advisory. Prior to contacting Cisco TAC, customers are advised to contact their service providers to confirm the software deployed by the service provider includes the fix that addresses this vulnerability. Workarounds that mitigate this vulnerability are not available.

tags | advisory, remote, web, overflow, arbitrary, code execution
systems | cisco
SHA-256 | 950c7aa717066ed5bc50159e37305000d57c26a4941319069246006e96220df1
Cisco Security Advisory 20160309-rgid
Posted Mar 10, 2016
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - A vulnerability in the web-based administration interface of the Cisco Wireless Residential Gateway could allow an unauthenticated, remote attacker to access sensitive information on the affected device. The vulnerability is caused by improper access restrictions implemented on the affected device. An attacker could exploit this vulnerability by sending a crafted HTTP request to the affected device. Cisco has released software updates to its service provider customers that address the vulnerability described in this advisory. Prior to contacting Cisco TAC, customers are advised to contact their service providers to confirm the software deployed by the service provider includes the fix that addresses this vulnerability. Workarounds that mitigate this vulnerability are not available.

tags | advisory, remote, web
systems | cisco
SHA-256 | 76ce7781e56037d70712a157cb7fe3f3344068293f9a02489433bf521eb2d369
Cisco Security Advisory 20160309-cmdos
Posted Mar 10, 2016
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - A vulnerability in the web-based administration interface of Cisco Model DPQ3925 8x4 DOCSIS 3.0 Wireless Residential Gateway with EDVA could allow an unauthenticated, remote attacker to cause the device to become unresponsive and restart, creating a denial of service (DoS) condition. The vulnerability is due to improper handling, processing, and termination of HTTP requests. An attacker could exploit this vulnerability by sending crafted HTTP requests to management-enabled interfaces of an affected system. Cisco has released software updates to its service provider customers that address the vulnerability described in this advisory. Prior to contacting Cisco TAC, customers are advised to contact their service providers to confirm the software deployed by the service provider includes the fix that addresses this vulnerability. Workarounds that mitigate this vulnerability are not available.

tags | advisory, remote, web, denial of service
systems | cisco
SHA-256 | daf4ac066b83565ccad1bcb5481f83420c0e44801325bb0b0954af7ecd69a860