Red Hat Security Advisory 2016-0074-01 - The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server ; a resolver library ; and tools for verifying that the DNS server is operating correctly. A denial of service flaw was found in the way BIND processed certain malformed Address Prefix List records. A remote, authenticated attacker could use this flaw to cause named to crash.
03f7bbfa2b18a4a3b83bbffd6ed34a4d48ec454bf9244aad45716be05882f8d3Red Hat Security Advisory 2016-0073-01 - The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server ; a resolver library ; and tools for verifying that the DNS server is operating correctly. A denial of service flaw was found in the way BIND processed certain malformed Address Prefix List records. A remote, authenticated attacker could use this flaw to cause named to crash.
0db5e96fc5a1c32ba00ccd1a8a3d18015f269e554da1d8b34e329b5755e2b83bRed Hat Security Advisory 2016-0072-01 - Chromium is an open-source web browser, powered by WebKit. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Chromium to crash, execute arbitrary code, or disclose sensitive information when visited by the victim. All Chromium users should upgrade to these updated packages, which contain Chromium version 48.0.2564.82, which corrects these issues. After installing the update, Chromium must be restarted for the changes to take effect.
1f7e8b8443509ecf1ca8eb1f131d227bb7c7e3f6216070fc81adf21bb3594a19Debian Linux Security Advisory 3455-1 - Isaac Boukris discovered that cURL, an URL transfer library, reused NTLM-authenticated proxy connections without properly making sure that the connection was authenticated with the same credentials as set for the new transfer. This could lead to HTTP requests being sent over the connection authenticated as a different user.
3620e17695b64ca3c1d71e402b5865252838bb7f40fb0095351f1bce3684e807Red Hat Security Advisory 2016-0070-01 - OpenShift Enterprise by Red Hat is the company's cloud computing Platform-as-a-Service solution designed for on-premise or private cloud deployments. The following security issues are addressed with this release: An authorization flaw was discovered in Kubernetes; the API server did not properly check user permissions when handling certain requests. An authenticated remote attacker could use this flaw to gain additional access to resources such as RAM and disk space.
e73b61bb8856329558f3b1fe6a7f3f2ec02da96fe2e70154bb79cba5ab14ce31FreeBSD Security Advisory - A programming error in the Linux compatibility layer could cause the issetugid(2) system call to return incorrect information. If an application relies on output of the issetugid(2) system call and that information is incorrect, this could lead to a privilege escalation.
2462fca5abf2f3ca47e35945821727dadf6171021ac17e978ce0410a5ed2e46bFreeBSD Security Advisory - Multiple vulnerabilities have been discovered in ntp 4.2.8p5.
0012bd57d2a8406dd32930fabf358096ce959163c75bbf46f91070e3e7c213d8FreeBSD Security Advisory - There is an off-by-one error in a buffer size check when performing certain string formatting operations. Slaves using text-format db files could be vulnerable if receiving a malformed record in a zone transfer from their master. Masters using text-format db files could be vulnerable if they accept a malformed record in a DDNS update message. Recursive resolvers are potentially vulnerable when debug logging is enabled and if they are fed a deliberately malformed record by a malicious server. A server which has cached a specially constructed record could encounter this condition while performing 'rndc dumpdb'.
c803a5067169b0dd06a8b595f07a796ef604d725b2cec7e9041f63d8bdb30a0aDebian Linux Security Advisory 3454-1 - Multiple vulnerabilities have been discovered in VirtualBox, an x86 virtualisation solution.
136e69f73fdf63ba39f28da933af0cb4bc9773576e34a8eca44649ebf4d8bee2Gentoo Linux Security Advisory 201601-4 - Multiple vulnerabilities have been found in OpenSMTPD, the worst allowing remote attackers to execute arbitrary code. Versions less than 5.7.3_p1 are affected.
d62d01579964fac63bf4746a32bf41e5b67100440041d0086c611de45fba65c2Red Hat Security Advisory 2016-0071-01 - Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox.
0707aeb8d6d66c6d6ac2cd338c1d1bbb3165a2c608c22b2298f846bd5f9cf289Red Hat Security Advisory 2016-0069-01 - In accordance with the Red Hat CloudForms Support Life Cycle Policy, support will end on April 10, 2016. Red Hat will not provide extended support for this product.
a08df67f5b9ac459e1707c0ed2c561f2940ec67b6c4b71c7fa0bbb9fb5030297A Linux IPv4 firewall and traffic shaper for single hosts to small and mid-sized networks. It allows flexible rule creation, while also shipping with presets for common needs. Rules are written in simple XML, allowing various ways to group and nest the iptables arguments. An interactive mode is available in order to build configuration files in a wizard based manner. Extensive documentation is also included.
7ea58743d02ee926623f928ac586bd8f6713d712bf79215153e65bcee7689737The iOS kernel suffers from a use-after-free vulnerability in IOHIDEventService.
0993c62c9d7d3b84cf8014c889265e8630d8eb77eb33686a24adc235d64af0f7Pdfium suffers from a heap-based out-of-bounds read in Opj_j2k_read_mcc (libopenjpeg).
9e967851534fd579d0655685231a3b3e4c133231434770867bb38de1686a32dcSecure Item Hub version 1.0 suffers from input validation, code execution, and remote file upload vulnerabilities.
61146d0cd8a7b0ba1c76aa4c5ec50ae4a0936a2ce0c891375912179cb52e8ee4This proof of concept demonstrates the Android Libstagefright heap buffer overflow that occurs due to an integer overflow in MP3 ID3 tag parsing.
09894a423a096a40f949655278d8dd3129cf6b5cfb77897fe3b2873fd160d9efOpening userclient type 12 of IOSCSIPeripheralDeviceType00 leads to an exploitable kernel NULL dereference.
28a95b498e79b6f046637fef1058c83fb6eef97a32bfe058d4b061c8cc843127The iOS kernel suffers from a use-after-free vulnerability in AppleOscarCompass.
07c89757d7e1a727b6c919c8d09c684989b89529f2c1b57792b91afdea65dac4Wireshark suffers from a heap-based out-of-bounds read in Nettrace_3gpp_32_423_file_open.
30c5fd467a4934f18f3002d895ae08ab809c752d604ce260d4c2b9806572e0c2Kleefa version 1.7 suffers from cross site scripting and remote SQL injection vulnerabilities.
6afa623b152f53f185b3213c10ba71f75b86b70cc8b0e22cfe154198573032ecThe _ool variations of the IOKit device.defs functions all incorrectly deal with error conditions. If you run the mig tool on device.defs you can see the source of the kernel-side MIG handling code.
c4f8daf502963ad5eece0728838a97dbed83ae3ccd4fed0c0d0ea4932020c23dWireshark suffers from an out-of-bounds read in Hiqnet_display_data.
f49e05ff312ad06b95375d1199dbbab1e9bfcbb21e26eac3a2618a8ef490d826The iOS kernel suffers from a use-after-free vulnerability in AppleOscarAccelerometer.
f847b2c8805bf3af8196f69a53844b188d41d842f188dcb391ae8fdd35e8c3dbiOS / OS X kernels suffer from a use-after-free / double free vulnerability due to lack of locking in IOHDIXControllUserClient:clientClose.
adb1b7847f70f13cf0c6ea874eee96b6c0668190e0c8da0a1d59183341cb8770
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed