Debian Linux Security Advisory 3321-1 - The InCommon Shibboleth Training team discovered that XMLTooling, a C++ XML parsing library, did not properly handle an exception when parsing well-formed but schema-invalid XML. This could allow remote attackers to cause a denial of service (crash) via crafted XML data.
6462eb2e7a56fdae86610f9b33d418d4615b8b5f180b0203a1a861ff20fb9b41Ubuntu Security Notice 2700-1 - Andy Lutomirski discovered a flaw in the Linux kernel's handling of nested NMIs (non-maskable interrupts). An unprivileged local user could exploit this flaw to cause a denial of service (system crash) or potentially escalate their privileges. Andy Lutomirski discovered a flaw that allows user to cause the Linux kernel to ignore some NMIs (non-maskable interrupts). A local unprivileged user could exploit this flaw to potentially cause the system to miss important NMIs resulting in unspecified effects. Various other issues were also addressed.
943cf9af07e288f748c0571d7b91e0f511f1efcb344bcbd3cf30c83ca200c663Ubuntu Security Notice 2701-1 - Andy Lutomirski discovered a flaw in the Linux kernel's handling of nested NMIs (non-maskable interrupts). An unprivileged local user could exploit this flaw to cause a denial of service (system crash) or potentially escalate their privileges. Andy Lutomirski discovered a flaw that allows user to cause the Linux kernel to ignore some NMIs (non-maskable interrupts). A local unprivileged user could exploit this flaw to potentially cause the system to miss important NMIs resulting in unspecified effects. Various other issues were also addressed.
b8bb77c070e7f389017664b2a2f1b7c79949709d710b497024adf5699d50ff3dDebian Linux Security Advisory 3320-1 - It was discovered that OpenAFS, the implementation of the distributed filesystem AFS, contained several flaws that could result in information leak, denial-of-service or kernel panic.
2ed0f85cf16cc180c20925fb79ff7ba5a5d1e90330f06f5c029ece633836b05aRed Hat Security Advisory 2015-1526-01 - The java-1.6.0-openjdk packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Java Software Development Kit. Multiple flaws were discovered in the 2D, CORBA, JMX, Libraries and RMI components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions. A flaw was found in the way the Libraries component of OpenJDK verified Online Certificate Status Protocol responses. An OCSP response with no nextUpdate date specified was incorrectly handled as having unlimited validity, possibly causing a revoked X.509 certificate to be interpreted as valid.
28932cde7e1e54b5faa2a128d70fecb9ba81b65dd119ddde1d9ba9ffd2dfed25Red Hat Security Advisory 2015-1525-01 - Red Hat JBoss Operations Network is a Middleware management solution that provides a single point of control to deploy, manage, and monitor JBoss Enterprise Middleware, applications, and services. This JBoss Operations Network 3.3.3 release serves as a replacement for JBoss Operations Network 3.3.2, and includes several bug fixes.
1f3955d5c9dcc4a4d449f91f650cd5a15f31a76b11dca7fc589ea77d37050e1bUbuntu Security Notice 2698-1 - It was discovered that SQLite incorrectly handled skip-scan optimization. An attacker could use this issue to cause applications using SQLite to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 14.04 LTS. Michal Zalewski discovered that SQLite incorrectly handled dequoting of collation-sequence names. An attacker could use this issue to cause applications using SQLite to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 14.04 LTS and Ubuntu 15.04. Various other issues were also addressed.
937b9f09e2a968893a7d63eceeef3020011624592253a0fec716f4b4f447004fUbuntu Security Notice 2699-1 - Enrico Zini discovered that HPLIP used a short GPG key ID when downloading keys from the keyserver. An attacker could possibly use this to return a different key with a duplicate short key id and perform a man-in-the-middle attack on printer plugin installations.
41797d8c5e7da29c64727415987d33f892e37e4bff37cc76a08a1cc9d86488b6Cisco Security Advisory - A vulnerability in the code handling the reassembly of fragmented IP version 4 (IPv4) or IP version 6 (IPv6) packets of Cisco IOS XE Software for Cisco ASR 1000 Series Aggregation Services Routers could allow an unauthenticated, remote attacker to cause a crash of the Embedded Services Processor (ESP) processing the packet. The vulnerability is due to improper processing of crafted, fragmented packets. An attacker could exploit this vulnerability by sending a crafted sequence of fragmented packets. An exploit could allow the attacker to cause a reload of the affected platform. Cisco has released software updates that address this vulnerability. There are no workarounds to mitigate this vulnerability.
927bb8bedea60ec82b1e53204a9f62223814ed18dd75bae126ded3c6b1eec619Ubuntu Security Notice 2697-1 - William Robinet and Stefan Cornelius discovered that Ghostscript did not correctly handle certain Postscript files. If a user or automated system were tricked into opening a specially crafted file, an attacker could cause a denial of service or possibly execute arbitrary code.
22db086cbac83e658a8859ae66a6198f75f09d172119cfebab54fa87bdf63433Ubuntu Security Notice 2696-1 - Several vulnerabilities were discovered in the OpenJDK JRE related to information disclosure, data integrity, and availability. An attacker could exploit these to cause a denial of service or expose sensitive data over the network. Several vulnerabilities were discovered in the cryptographic components of the OpenJDK JRE. An attacker could exploit these to expose sensitive data over the network. Various other issues were also addressed.
8ac70ef5d3ffc3c065a0c52d7f424e904636f1c7c4b12a1196a9cf9750c40c26Ubuntu Security Notice 2695-1 - Fernando Munoz discovered that HTML Tidy incorrectly handled memory. If a user or automated system were tricked into processing specially crafted data, applications linked against HTML Tidy could be made to crash, leading to a denial of service, or possibly execute arbitrary code.
336dfd98983f47de9f0d69470b93d230134fc1c320550ad9eac0643342f45923Ubuntu Security Notice 2694-1 - Michele Spagnuolo discovered that PCRE incorrectly handled certain regular expressions. A remote attacker could use this issue to cause applications using PCRE to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 14.04 LTS. Kai Lu discovered that PCRE incorrectly handled certain regular expressions. A remote attacker could use this issue to cause applications using PCRE to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 14.04 LTS and Ubuntu 15.04. Various other issues were also addressed.
8804417254216ccc530798963467d9a6a6c33083c90ac34da9d1be7bcc0c39c8HP Security Bulletin HPSBGN03366 1 - A potential security vulnerability has been identified with HP Business Process Insight. This is the RC4 vulnerability known as the Bar Mitzvah attack, which could be exploited remotely to allow disclosure of information. Revision 1 of this advisory.
b918864d7cae5bf0425fd2d28c0c3223ad3d2d2b921317b80ddd094e6a36d29dHP Security Bulletin HPSBGN03367 1 - A potential security vulnerability has been identified with HP TransactionVision. This is the RC4 vulnerability known as the Bar Mitzvah attack, which could be exploited remotely to allow disclosure of information. Revision 1 of this advisory.
31eae33287034323bb0d9fd5c9218b3a0251c8fde99b7f03b778550f7585a298Red Hat Security Advisory 2015-1495-01 - Red Hat Gluster Storage is a software only scale-out storage solution that provides flexible and affordable unstructured data storage. It unifies data storage and infrastructure, increases performance, and improves availability and manageability to meet enterprise-level storage challenges. Red Hat Gluster Storage's Unified File and Object Storage is built on OpenStack's Object Storage. A flaw was found in the metadata constraints in OpenStack Object Storage. By adding metadata in several separate calls, a malicious user could bypass the max_meta_count constraint, and store more metadata than allowed by the configuration.
84376bdb91826099c8d1fa4579e5493c43a6f53f2686c6e646e7dfa8e57ef9c7Red Hat Security Advisory 2015-1515-01 - The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server ; a resolver library ; and tools for verifying that the DNS server is operating correctly. A flaw was found in the way BIND handled requests for TKEY DNS resource records. A remote attacker could use this flaw to make named exit unexpectedly with an assertion failure via a specially crafted DNS request packet.
92bd0030856a69af4da7d4c2b799173e40b1c3de179c0a3b4bf343d9f48bc64dRed Hat Security Advisory 2015-1514-01 - The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server ; a resolver library ; and tools for verifying that the DNS server is operating correctly. A flaw was found in the way BIND handled requests for TKEY DNS resource records. A remote attacker could use this flaw to make named exit unexpectedly with an assertion failure via a specially crafted DNS request packet.
fafac577a237e448434eceb55f708fb50b5c609fb601b4668cdf9613c1951e3e
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed