Red Hat Security Advisory 2015-2159-06 - The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP. It was found that the libcurl library did not correctly handle partial literal IP addresses when parsing received HTTP cookies. An attacker able to trick a user into connecting to a malicious server could use this flaw to set the user's cookie to a crafted domain, making other cookie-related issues easier to exploit. A flaw was found in the way the libcurl library performed the duplication of connection handles. If an application set the CURLOPT_COPYPOSTFIELDS option for a handle, using the handle's duplicate could cause the application to crash or disclose a portion of its memory.
4c8f1214c87209b025a888e27c36d8b6ff081c288e2cfca9b6e90d6d41fae18d
Red Hat Security Advisory 2015-2140-07 - The libssh2 packages provide a library that implements the SSH2 protocol. A flaw was found in the way the kex_agree_methods() function of libssh2 performed a key exchange when negotiating a new SSH session. A man-in-the-middle attacker could use a crafted SSH_MSG_KEXINIT packet to crash a connecting libssh2 client. Previously, libssh2 did not correctly adjust the size of the receive window while reading from an SSH channel. This caused downloads over the secure copy protocol to consume an excessive amount of memory. A series of upstream patches has been applied to the libssh2 source code to improve handling of the receive window size. Now, SCP downloads work as expected.
b68e45af8025497478fc0ae997caa7323085b856d2be7c4e4f55033346d7dc6e
HPE Security Bulletin HPSBUX03522 SSRT102942 1 - A potential security vulnerability has been identified in the HP-UX BIND service running named. This vulnerability could be exploited remotely to create a Denial of Service (DoS). Revision 1 of this advisory.
633b86234c3422d4596642a9db25d7bc7a4fba620db6fd90ceb1ab81467cc759
The Help Forum on LinkedIn suffered from a cross-site scripting vulnerability.
2a9bd1ced4f661fb3399fe7cdf77a6afff11cf4a90862e613b8e31b764cbbe69
SHAREit WebShare version 2.3.80 suffers from a cross-site request forgery vulnerability.
490d8d74a088ae1e4e4d195dd7241004c00b9d1b1902cad5c9bccb3ab6cd3669