Apple Security Advisory 2014-12-11-1 - Safari 8.0.2, Safari 7.1.2, and Safari 6.2.2 are now available and include the security content of Safari 8.0.1, Safari 7.1.1, and Safari 6.2.1.
e909e70c55ddbfe69bf50151e525da618d0db49b81d6fd12e29364c8282df3c7
ResourceSpace suffers from cross-site scripting, HTML injection, insecure cookie handling, and remote SQL injection vulnerabilities. Versions 6.4.5976 and below are affected.
fc84bfa29e00ec8c50f80a3604debd8968d04680c2c4ff042bed27463b3ed0bb
BMC TrackIt! version 11.3 suffers from an unauthenticated local user password change vulnerability.
5fefd8b05da0065be210ad2c623884f150fbcfc0f1be8ecb4ef3325bee6f4935
Red Hat Security Advisory 2014-1983-01 - X.Org is an open source implementation of the X Window System. It provides the basic low-level functionality that full-fledged graphical user interfaces are designed upon. Multiple integer overflow flaws and out-of-bounds write flaws were found in the way the X.Org server calculated memory requirements for certain X11 core protocol and GLX extension requests. A malicious, authenticated client could use either of these flaws to crash the X.Org server or, potentially, execute arbitrary code with root privileges.
4134cd6f0552f1eb1400b783f6ac2383eeb1b8055ad51f10055d4c175deae1af
Red Hat Security Advisory 2014-1982-01 - X.Org is an open source implementation of the X Window System. It provides the basic low-level functionality that full-fledged graphical user interfaces are designed upon. Multiple integer overflow flaws and out-of-bounds write flaws were found in the way the X.Org server calculated memory requirements for certain X11 core protocol and GLX extension requests. A malicious, authenticated client could use either of these flaws to crash the X.Org server or, potentially, execute arbitrary code with root privileges.
478f070d556ff6738f2ac1014c8ee79908298350847ffa377f7e6050e494c65a
Ubuntu Security Notice 2439-1 - Michael S. Tsirkin discovered that QEMU incorrectly handled certain parameters during ram load while performing a migration. An attacker able to manipulate savevm data could use this issue to possibly execute arbitrary code on the host. This issue only affected Ubuntu 12.04 LTS, Ubuntu 14.04 LTS, and Ubuntu 14.10. Paolo Bonzini discovered that QEMU incorrectly handled memory in the Cirrus VGA device. A malicious guest could possibly use this issue to write into memory of the host, leading to privilege escalation. Various other issues were also addressed.
ec388958bc82daee7be8c36f5f4e98508d4891645648d42393411fc6ee898320
Debian Linux Security Advisory 3098-1 - Joshua Rogers discovered a format string vulnerability in the yyerror function in lib/cgraph/scan.l in Graphviz, a rich set of graph drawing tools. An attacker could use this flaw to cause graphviz to crash or possibly execute arbitrary code.
68bf61fc172f38d647343e482b1c4138112d7b7712b206f79b2462e2dd8eadfb
Ubuntu Security Notice 2440-1 - Jakub Wilk discovered that the write_one_header function in mutt did not properly handle newline characters at the beginning of a header. An attacker could specially craft an email to cause mutt to crash, resulting in a denial of service.
59746b50e1931c1a63fd3d48b648afe007d672914d474f9383ce994e4dbbee00
RedCloth suffers from a cross site scripting vulnerability.
0d1551e71891dbabbc9734d58f5f8086fb054dd7774bb7f2372a4a0bc5a6af11
Slackware Security Advisory - New mozilla-firefox packages are available for Slackware 14.1 to fix security issues.
3854a3344986e691648f646113317de5d16d92da0fc9bb4a3808bfb6717d8f25
Slackware Security Advisory - New pidgin packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, and -current.
3584aff1b7cfcfcd9a8f9d5c9139efb3b5345c34ee4ce74e8768624e017a00bf
Slackware Security Advisory - New bind packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, and -current to fix security issues.
b5cc39b89f4c29e479b74af161347cfae3e627e2878e0e185eb14f815b48b2a9
Slackware Security Advisory - New seamonkey packages are available for Slackware 14.0, 14.1, and -current to fix security issues.
2db207e7fda328b5ccccecd8ccabde5b60085e312f499fc7537834d613bd026c
Slackware Security Advisory - New openvpn packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, and -current to fix a security issue.
9ef12e213029270aa248943ad5b9422844dc9e3e00d6844dddab456d62eef849
Debian Linux Security Advisory 3096-1 - Florian Maury from ANSSI discovered a flaw in pdns-recursor: maliciously-constructed zones or a rogue server could affect the performance of pdns-recursor, thus leading to resource exhaustion and a potential denial-of-service.
4cd36f6b37f6f3bef1df1431ca82d7737976f9ae02e165c11b5799a6ca733a01
Gentoo Linux Security Advisory 201412-7 - Multiple vulnerabilities have been found in Adobe Flash Player, the worst of which allows remote attackers to execute arbitrary code. Versions less than 11.2.202.425 are affected.
2024c0749ad66b80025c716a03281cdc6368a0515a3262938a2c77486279ba6d
Gentoo Linux Security Advisory 201412-6 - A vulnerability in libxml2 could result in Denial of Service. Versions less than 2.9.2 are affected.
488f9455d455779831e36c2917ddea03341a59a95026d328be82d683090193a3
Debian Linux Security Advisory 3097-1 - Florian Maury from ANSSI discovered that unbound, a validating, recursive, and caching DNS resolver, was prone to a denial of service vulnerability. An attacker crafting a malicious zone and able to emit (or make emit) queries to the server can trick the resolver into following an endless series of delegations, leading to resource exhaustion and huge network usage.
f29252d59d1726b09a850b5b3c121de1a09c064b5ff9e828dbac66759c64b0bb
Slackware Security Advisory - New openssh packages are available for Slackware 14.0, 14.1, and -current.
4c344a356c5cb7770aaa917d81fba6e98ddb181cee3db39bab8b488cb8d5bf02
Slackware Security Advisory - New wpa_supplicant packages are available for Slackware 13.37, 14.0, 14.1, and -current to fix security issues.
4ab5c91d6854aae0b005cfc718bf4de57a47cea8403b0f17395d89daf5abca1e
Gentoo Linux Security Advisory 201412-5 - A vulnerability in Clam AntiVirus can lead to a Denial of Service condition. Versions less than 0.98.5 are affected.
17f5aca312fef94e9f42435394743d802a5c84ea5511140dcef559924ebfc33b
OpenDNSSEC is software that manages the security of domain names on the Internet. The project intends to drive adoption of Domain Name System Security Extensions (DNSSEC) to further enhance Internet security.
8f757ca9e88d6a6dc8f9b6e46a3da5e3a2881b3311fb91c428bcf906683ac41f
FreeBSD Security Advisory - By causing queries to be made against a maliciously-constructed zone or against a malicious DNS server, an attacker who is able to cause specific queries to be sent to a nameserver can cause named(8) to crash, leading to a denial of service. All recursive BIND DNS servers are vulnerable to this. Authoritative servers are only vulnerable if the attacker is able to control a delegation traversed by the authoritative server in order to serve the zone.
2e31c97b539fc4e82125d344b6a294a5f148924e94a9c92ba2717d666271304c