HPE Security Bulletin HPSBUX03410 SSRT102175 1 - A potential security vulnerability has been identified with HP-UX running BIND. This vulnerability could be exploited remotely to create a Denial of Service (DoS). Revision 1 of this advisory.
0bcf3af9b323865006242ba34964d1a7
HPE Security Bulletin HPSBUX03369 SSRT102037 1 - A potential security vulnerability have been identified with HP-UX programs using the execve(2) system call. The vulnerability could be exploited locally to create an elevation of privilege. Revision 1 of this advisory.
bd5440d8a3372131b936fca98fdde037
Debian Linux Security Advisory 3342-1 - Loren Maggiore of Trail of Bits discovered that the 3GP parser of VLC, a multimedia player and streamer, could dereference an arbitrary pointer due to insufficient restrictions on a writable buffer. This could allow remote attackers to execute arbitrary code via crafted 3GP files.
36d51453e2fb8a925ca1c5d750e47c7d
Debian Linux Security Advisory 3341-1 - It was discovered that in certain configurations, if the relevant conntrack kernel module is not loaded, conntrackd will crash when handling DCCP, SCTP or ICMPv6 packets.
d7e6d94558aa7c0f03559446c870fda9
Red Hat Security Advisory 2015-1650-01 - Red Hat OpenShift Enterprise is a cloud computing Platform-as-a-Service solution designed for on-premise or private cloud deployments. An improper permission check issue was discovered in the server admission control component in OpenShift. A user with build permissions could use this flaw to execute arbitrary shell commands on a build pod with the privileges of the root user. This issue was discovered by Cesar Wong of the Red Hat OpenShift Enterprise Team.
b188fe466e6df5f38796d1d8b9aa76aa
Ubuntu Security Notice 2702-3 - USN-2702-1 fixed vulnerabilities in Firefox. After upgrading, some users in the US reported that their default search engine switched to Yahoo. This update fixes the problem. Various other issues were also addressed.
9fe7f5f77923547e9c0d27abac359cc2
Ubuntu Security Notice 2721-1 - It was discovered that the Subversion mod_dav_svn module incorrectly handled REPORT requests for a resource that does not exist. A remote attacker could use this issue to cause the server to crash, resulting in a denial of service. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. It was discovered that the Subversion mod_dav_svn module incorrectly handled requests requiring a lookup for a virtual transaction name that does not exist. A remote attacker could use this issue to cause the server to crash, resulting in a denial of service. This issue only affected Ubuntu 14.04 LTS. Various other issues were also addressed.
c18aa7053ab3060fa8107ba5f8fa27ab
Debian Linux Security Advisory 3340-1 - Dawid Golunski discovered that when running under PHP-FPM in a threaded environment, Zend Framework, a PHP framework, did not properly handle XML data in multibyte encoding. This could be used by remote attackers to perform an XML External Entity attack via crafted XML data.
83418834485eabdc9b56f94fe3e5723e
Debian Linux Security Advisory 3339-1 - Several vulnerabilities have been discovered in OpenJDK, an implementation of the Oracle Java platform, resulting in the execution of arbitrary code, breakouts of the Java sandbox, information disclosure, denial of service or insecure cryptography.
57e717d64ad9204dbc14777b5ec72e2f
Red Hat Security Advisory 2015-1647-01 - MariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL. It was found that the MySQL client library permitted but did not require a client to use SSL/TLS when establishing a secure connection to a MySQL server using the "--ssl" option. A man-in-the-middle attacker could use this flaw to strip the SSL/TLS protection from a connection between a client and a server. This update fixes several vulnerabilities in the MariaDB database server.
2a23f95bd0fe31574ec96acf58cbc9b3
Red Hat Security Advisory 2015-1646-01 - MariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL. It was found that the MySQL client library permitted but did not require a client to use SSL/TLS when establishing a secure connection to a MySQL server using the "--ssl" option. A man-in-the-middle attacker could use this flaw to strip the SSL/TLS protection from a connection between a client and a server. This update fixes several vulnerabilities in the MariaDB database server.
bf1e89fb5a5996a89a2a2e76c72a566b
HPE Security Bulletin HPSBUX03400 SSRT102211 1 - A potential security vulnerability has been identified with HP-UX running BIND. This vulnerability could be exploited remotely to create a Denial of Service (DoS). Revision 1 of this advisory.
70a7a3eb221d29527b279d1a7ae2d8fa
Flash suffers from a use-after-free vulnerability in SurfaceFilterList::CreateFromScriptAtom.
f8a306f06e1693cff15ffc83932ce2a5
Flash version 18.0.0.209 contains new mitigations to defend against corruptions of Vector.<uint> (and other) lengths. One of these mitigations, at Vector access time, compares the Vector's in-memory length with a representation of the same length XOR'ed with a secret cookie. The bypass comes about because the secret cookie value is stored inside a structure, and a pointer to that structure is stored alongside the Vector length.
7127d0015fa3af278bed72923a08cb0e
There is a use after free vulnerability in the ActionScript 2 TextField.filters array property.
26f8972ad7564758b9f72faf7ba677ae
If an mp3 file contains compressed ID3 data that is larger than 0x2aaaaaaa bytes, an integer overflow will occur in allocating the buffer to contain its converted string data, leading to a large copy into a small buffer. A sample fla, swf and mp3 are attached. Put id34.swf and tag.mp3 in the same folder to reproduce the issue. This issue only works on 64 bit platforms.
761ae14c1d9b2801970a51e70e06eb88
The Shared Object constructor does not check that the object it is provided is of type Object before setting it to be of type SharedObject. This can cause problems if another method (such as Sound.loadSound) calls into script between checking the input object type, and casting its native object.
0721ea6f0b781427727cbdb96e55d027
A crash was observed in Microsoft Office 2007 with Microsoft Office File Validation Add-In disabled and Application Verifier enabled for testing and reproduction. This bug also reproduced in Office 2010 running on Windows 7 x86.
b3f1fdb1616bbbd919f8d165e9afe4a7
The maintenance service creates a log file in a user writable location. It's possible to change the log file to a hardlink to another file to cause file corruption or elevation of privilege.
db59d45a788db12a7a62da9cbfd6011b
Flash suffers from a heap-based buffer overflow due to an indexing error when loading FLV files.
6e438a036f01cba542b443fc29b95e1e
Flash suffers from a heap-based buffer overflow vulnerability.
10e3ed78cf1a04d4746ab5f9cd7e733a
A crash was observed in Microsoft Office 2007 with Microsoft Office File Validation Add-In disabled and Application Verifier enabled for testing and reproduction. This bug also reproduced in Office 2010 running on Windows 7 x86. The crash is caused by a 1 bit delta from the original file at offset 0x31B.
827c32373ba26b75aa39529cf305ceb8
A crash was observed in Microsoft Office 2007 with Microsoft Office File Validation Add-In disabled and Application Verifier enabled for testing and reproduction. This bug also reproduced in Office 2010 running on Windows 7 x86.
cff51440d1a04890d0df305bc881697b
There is a type confusion issue in the TextFormat constructor that is reachable because the FileReference constructor does not verify that the incoming object is of type Object (it only checks that the object is not native backed). The TextFormat constructor first sets a new object to type TextFormat, and then calls into script several times before setting the native backing object. If one of these script calls then calls into the FileReference constructor, the object can be set to type FileReference, and then the native object will be set to the TextFormat, leading to type confusion.
2a49f5292c0f939aeaa37c8a9c5986a9
A crash was observed in Microsoft Office 2007 with Microsoft Office File Validation Add-In disabled and Application Verifier enabled for testing and reproduction. This bug also reproduced in Office 2010 running on Windows 7 x86. The crash is caused by a 1 bit delta from the original file at offset 0x4A45. OffViz identified this offset as OLESSRoot.DirectoryEntries[100].OLESSDirectoryEntry[20].sidLeft with an original value of 0x00000000 and a fuzzed value of 0x00008000.
881f217072ce6412eaa7c6f3f3627758