Debian Linux Security Advisory 3914-1 - memory handling problems and cases of missing or incomplete input sanitizing may result in denial of service, memory disclosure or the execution of arbitrary code if malformed RLE, SVG, PSD, PDB, DPX, MAT, TGA, VST, CIN, DIB, MPC, EPT, JNG, DJVU, JPEG, ICO, PALM or MNG files are processed.
c11221e064c251a1dfebe04b67b54f44Ubuntu Security Notice 3309-2 - Jakub Jirasek discovered that GnuTLS incorrectly handled certain assignments files. If a user were tricked into processing a specially crafted assignments file, a remote attacker could possibly execute arbitrary code.
d9adc4a5e568efdb1a578bb72c43a3d3Ubuntu Security Notice 3354-1 - Felix Wilhelm discovered a path traversal vulnerability in Apport when handling the ExecutablePath field in crash files. An attacker could trick a user into opening a specially crafted crash file and execute arbitrary code with the user's privileges.
7f082bd743c0b05ef8874f3cb49df08cUbuntu Security Notice 3274-2 - USN-3274-1 fixed a vulnerability in icu. This update provides the corresponding update for Ubuntu 12.04 ESM. A It was discovered that ICU incorrectly handled certain memory A operations when processing data. If an application using ICU processed A crafted data, a remote attacker could possibly cause it to crash or A potentially execute arbitrary code with the privileges of the user A invoking the program. Various other issues were also addressed.
0fddf9f1f82d4364c67f177a04c66787Red Hat Security Advisory 2017-1766-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: The NFSv2 and NFSv3 server implementations in the Linux kernel through 4.10.13 lacked certain checks for the end of a buffer. A remote attacker could trigger a pointer-arithmetic error or possibly cause other unspecified impacts using crafted requests related to fs/nfsd/nfs3xdr.c and fs/nfsd/nfsxdr.c.
004d8b9ce9aee29117bfca0aee696e94Red Hat Security Advisory 2017-1759-01 - FreeRADIUS is a high-performance and highly configurable free Remote Authentication Dial In User Service server, designed to allow centralized authentication and authorization for a network. Security Fix: An out-of-bounds write flaw was found in the way FreeRADIUS server handled certain attributes in request packets. A remote attacker could use this flaw to crash the FreeRADIUS server or to execute arbitrary code in the context of the FreeRADIUS server process by sending a specially crafted request packet.
2047dbaee96de03766442f03225456fdUbuntu Security Notice 3347-2 - USN-3347-1 fixed a vulnerability in Libgcrypt. This update provides the corresponding update for Ubuntu 12.04 ESM. A Daniel J. Bernstein, Joachim Breitner, Daniel Genkin, Leon Groot A Bruinderink, Nadia Heninger, Tanja Lange, Christine van Vredendaal, and A Yuval Yarom discovered that Libgcrypt was susceptible to an attack via A side channels. A local attacker could use this attack to recover RSA A private keys. Various other issues were also addressed.
fd750c8da9a13d230bb2725580662c1dAndrey Konovalov discovered a use-after-free vulnerability in the DCCP implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly gain administrative privileges. It was discovered that the stack guard page for processes in the Linux kernel was not sufficiently large enough to prevent overlapping with the heap. An attacker could leverage this with another vulnerability to execute arbitrary code and gain administrative privileges. Various other vulnerabilities were addressed.
f33f9e8f678adbf7a3a32f53939cff60Ubuntu Security Notice 3353-2 - USN-3353-1 fixed a vulnerability in Heimdal. This update provides the corresponding update for Samba. Jeffrey Altman, Viktor Dukhovni, and Nicolas Williams discovered that Samba clients incorrectly trusted unauthenticated portions of Kerberos tickets. A remote attacker could use this to impersonate trusted network servers or perform other attacks.
58e0ef79e0e7c5ad4201a654bb0cb440Ubuntu Security Notice 3353-1 - Jeffrey Altman, Viktor Dukhovni, and Nicolas Williams discovered that Heimdal clients incorrectly trusted unauthenticated portions of Kerberos tickets. A remote attacker could use this to impersonate trusted network services or perform other attacks.
f41fb95fe553cf1266479bdfe22ad0d2Debian Linux Security Advisory 3908-1 - An integer overflow has been found in the HTTP range module of Nginx, a high-performance web and reverse proxy server, which may result in information disclosure.
2d367b8f14fc73b9768c34d3df9ea843Ubuntu Security Notice 3352-1 - It was discovered that an integer overflow existed in the range filter feature of nginx. A remote attacker could use this to expose sensitive information.
0a3c25fdc743605f7bb042a72bdff5bfUbuntu Security Notice 3351-1 - Felix Wilhelm discovered that Evince did not safely invoke tar when handling tar comic book files. An attacker could use this to construct a malicious cbt comic book format file that, when opened in Evince, executes arbitrary code. Please note that this update disables support for cbt files in Evince.
7aea436d31b0e11773b9eb59d9c5be35Red Hat Security Advisory 2017-1739-01 - OpenStack Dashboard provides administrators and users with a graphical interface to access, provision, and automate cloud-based resources. Security Fix: A cross-site scripting flaw was discovered in the OpenStack dashboard which allowed remote authenticated administrators to conduct XSS attacks using a crafted federation mapping rule. For this flaw to be exploited, federation mapping must be enabled in the dashboard.
95af0406275f158f0085ef9a2ede7899Red Hat Security Advisory 2017-1731-01 - The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. This update upgrades Flash Player to version 26.0.0.137. Security Fix: This update fixes multiple vulnerabilities in Adobe Flash Player. These vulnerabilities, detailed in the Adobe Security Bulletin listed in the References section, could allow an attacker to create a specially crafted SWF file that would cause flash-plugin to crash, execute arbitrary code, or disclose sensitive information when the victim loaded a page containing the malicious SWF content.
32cef9657a3ce726d633e0dba2951591Red Hat Security Advisory 2017-1721-01 - The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fix: It was discovered that the HTTP parser in httpd incorrectly allowed certain characters not permitted by the HTTP protocol specification to appear unencoded in HTTP request headers. If httpd was used in conjunction with a proxy or backend server that interpreted those characters differently, a remote attacker could possibly use this flaw to inject data into HTTP responses, resulting in proxy cache poisoning.
fc524626b25012e84611eccacaa89fdfRed Hat Security Advisory 2017-1715-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: The NFSv2 and NFSv3 server implementations in the Linux kernel through 4.10.13 lacked certain checks for the end of a buffer. A remote attacker could trigger a pointer-arithmetic error or possibly cause other unspecified impacts using crafted requests related to fs/nfsd/nfs3xdr.c and fs/nfsd/nfsxdr.c.
6cb9a3cd6aba6439cf93b7f8e27fb742Red Hat Security Advisory 2017-1723-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: The NFSv2 and NFSv3 server implementations in the Linux kernel through 4.10.13 lacked certain checks for the end of a buffer. A remote attacker could trigger a pointer-arithmetic error or possibly cause other unspecified impacts using crafted requests related to fs/nfsd/nfs3xdr.c and fs/nfsd/nfsxdr.c.
75185b7c03dfc5dde8fb73a832f79046When dealing with XFRM_MSG_MIGRATE message, xfrm_migrate func does not check dir value of xfrm_userpolicy_id. This will cause out of bound access to net->xfrm.policy_bydst in policy_hash_direct func and others when dir value exceeds XFRM_POLICY_MAX. Linux kernel versions 4.12 and below are affected.
0a9bccc3cad6b206f80adee221c9dd8fGentoo Linux Security Advisory 201707-14 - A vulnerability in Gajim might allow remote attackers to intercept encrypted communications. Versions less than 0.16.6-r1 are affected.
2ce7a444a40b74b85f8b2e84b09636cfSlackware Security Advisory - New irssi packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix security issues.
6f917da1caa8bfc75814b1bb03ee4aa7Gentoo Linux Security Advisory 201707-13 - Multiple vulnerabilities have been found in libcroco, the worst of which may have unspecified impacts. Versions less than 0.6.12-r1 are affected.
1793e2952d6addae780a82cc3f100816Debian Linux Security Advisory 3905-1 - Two security issues have been discovered in the X.org X server, which may lead to privilege escalation or an information leak.
eec15ef958b064e5d22c3fbaa8454462Gentoo Linux Security Advisory 201707-8 - A vulnerability in feh might allow remote attackers to execute arbitrary code. Versions less than 2.18.3 are affected.
40951553fff817c1dc86e7aab502b98fGentoo Linux Security Advisory 201707-7 - Multiple vulnerabilities have been found in JasPer, the worst of which could could allow an attacker to execute arbitrary code. Versions less than 2.0.12 are affected.
a80f5473fe70b14926714399895e5370
© 2016 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed