It was discovered that a use-after-free flaw existed in the filesystem encryption subsystem in the Linux kernel. A local attacker could use this to cause a denial of service (system crash). Jann Horn discovered that the extended Berkeley Packet Filter (eBPF) implementation in the Linux kernel could overflow reference counters on systems with more than 32GB of physical ram and with RLIMIT_MEMLOCK set to infinite. A local unprivileged attacker could use to create a use-after- free situation, causing a denial of service (system crash) or possibly gain administrative privileges. Various other issues were also addressed.
cf9eb0b35f581391cfa449654007aaadDebian Linux Security Advisory 3917-1 - A heap-based buffer underflow flaw was discovered in catdoc, a text extractor for MS-Office files, which may lead to denial of service (application crash) or have unspecified other impact, if a specially crafted file is processed.
f6daccf3faca48cbfae94615ba30b127Ubuntu Security Notice 3363-1 - It was discovered that ImageMagick incorrectly handled certain malformed image files. If a user or automated system using ImageMagick were tricked into opening a specially crafted image, an attacker could exploit this to cause a denial of service or possibly execute code with the privileges of the user invoking the program.
a22aa533fe3ee586db4071c5de9042c8Ubuntu Security Notice 3361-1 - USN-3358-1 fixed vulnerabilities in the Linux kernel for Ubuntu 17.04. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 17.04 for Ubuntu 16.04 LTS. Please note that this update changes the Linux HWE kernel to the 4.10 based kernel from Ubuntu 17.04, superseding the 4.8 based HWE kernel from Ubuntu 16.10. Ben Harris discovered that the Linux kernel would strip extended privilege attributes of files when performing a failed unprivileged system call. A local attacker could use this to cause a denial of service. Various other issues were also addressed.
2a81ab5a406b26495cf15b17d009be23Ubuntu Security Notice 3360-1 - It was discovered that the Linux kernel did not properly initialize a Wake- on-Lan data structure. A local attacker could use this to expose sensitive information. It was discovered that the Linux kernel did not properly restrict access to /proc/iomem. A local attacker could use this to expose sensitive information. It was discovered that a use-after-free vulnerability existed in the performance events and counters subsystem of the Linux kernel for ARM64. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Various other issues were also addressed.
4b837ac472f4020e28f8436305442660Ubuntu Security Notice 3359-1 - It was discovered that the Linux kernel did not properly initialize a Wake- on-Lan data structure. A local attacker could use this to expose sensitive information. Dmitry Vyukov, Andrey Konovalov, Florian Westphal, and Eric Dumazet discovered that the netfiler subsystem in the Linux kernel mishandled IPv6 packet reassembly. A local user could use this to cause a denial of service or possibly execute arbitrary code. Various other issues were also addressed.
ac5a8bf8e487737dba8522c164aac232HP Security Bulletin HPESBHF03766 1 - Potential security vulnerabilities with NTP have been addressed for HPE network products including Comware 5 used in certain ConvergedSystem 700 solutions. The vulnerabilities could be remotely exploited resulting in Denial of Service (DoS) or unauthorized modification, or locally exploited resulting in Denial of Service (DoS). Revision 1 of this advisory.
a39834881c545886ee1c449eb45b4cbfRed Hat Security Advisory 2017-1787-01 - collectd is a small C-language daemon, which reads various system metrics periodically and updates RRD files. Because the daemon does not start up each time it updates files, it has a low system footprint. The following packages have been upgraded to a later upstream version: collectd. Security Fix: collectd contains an infinite loop due to how the parse_packet() and parse_part_sign_sha256() functions interact. If an instance of collectd is configured with "SecurityLevel None" and empty "AuthFile" options, an attacker can send crafted UDP packets that trigger the infinite loop, causing a denial of service.
4d3bb0a8e2364a7904cc7d4aef7bacc6Ubuntu Security Notice 3356-2 - USN-3356-1 fix a vulnerability in Expat. This update provides the corresponding update for Ubuntu 12.04 ESM. A It was discovered that Expat incorrectly handled certain external A entities. A remote attacker could possibly use this issue to cause A Expat to hang, resulting in a denial of service. Various other issues were also addressed.
defc3a37143ef73163722d9af3b69529Ubuntu Security Notice 3356-1 - It was discovered that Expat incorrectly handled certain external entities. A remote attacker could possibly use this issue to cause Expat to hang, resulting in a denial of service.
c3ce5df50a741dfe4e6b0991d01ed1f5Ubuntu Security Notice 3355-1 - Frediano Ziglio discovered that Spice incorrectly handled certain invalid monitor configurations. A remote attacker could use this issue to cause Spice to crash, resulting in a denial of service, or possibly execute arbitrary code.
b2fe1779bf56d12df6827bde9585ed5fUbuntu Security Notice 3212-3 - USN-3212-1 and USN-3212-2 fixed a vulnerability in LibTIFF. This update provides a subset of corresponding update for Ubuntu 12.04 ESM. A It was discovered that LibTIFF incorrectly handled certain malformed A images. If a user or automated system were tricked into opening a A specially crafted image, a remote attacker could crash the A application, leading to a denial of service, or possibly execute A arbitrary code with user privileges. Various other issues were also addressed.
67e2591ccaa87a47c374822f1bc3b660Ubuntu Security Notice 3307-2 - USN-3307-1 fixed a vulnerability in OpenLDAP. This update provides the corresponding update for ubuntu 12.04 ESM. A Karsten Heymann discovered that OpenLDAP incorrectly handled certain A search requests. A remote attacker could use this issue to cause slapd A to crash, resulting in a denial of service. Various other issues were also addressed.
65a74670ba8afce1cf5caf902adf4fd4Debian Linux Security Advisory 3914-1 - memory handling problems and cases of missing or incomplete input sanitizing may result in denial of service, memory disclosure or the execution of arbitrary code if malformed RLE, SVG, PSD, PDB, DPX, MAT, TGA, VST, CIN, DIB, MPC, EPT, JNG, DJVU, JPEG, ICO, PALM or MNG files are processed.
c11221e064c251a1dfebe04b67b54f44UFONet abuses OSI Layer 7-HTTP to create/manage 'zombies' and to conduct different attacks using GET/POST, multithreading, proxies, origin spoofing methods, cache evasion techniques, etc.
7540f45eb8e2d3881f8d17e9a638987aAndrey Konovalov discovered a use-after-free vulnerability in the DCCP implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly gain administrative privileges. It was discovered that the stack guard page for processes in the Linux kernel was not sufficiently large enough to prevent overlapping with the heap. An attacker could leverage this with another vulnerability to execute arbitrary code and gain administrative privileges. Various other vulnerabilities were addressed.
f33f9e8f678adbf7a3a32f53939cff60Apache OpenMeetings version 1.0.0 suffers from a denial of service vulnerability.
5721ef0c587da867f957a3a7b39ef16bDNS/DNSSEC RR stub resolvers amplification distributed denial of service exploit.
0dcc402c9b94f66a14d0a3fd9f69f56bGentoo Linux Security Advisory 201707-6 - Multiple vulnerabilities have been found in virglrenderer, the worst of which could allow local guest OS users to cause a Denial of Service condition. Versions are affected.
3f4534c3255b0846c107799ebecc5712Gentoo Linux Security Advisory 201707-5 - Multiple vulnerabilities have been found in OpenSLP, the worst of which allows remote attackers to cause a Denial of Service condition or other unspecified impacts. Versions less than 2.0.0-r4 are affected.
1a3ddce2f748c7c3ff71382b62ca0845Ubuntu Security Notice 3350-1 - Aleksandar Nikolic discovered that poppler incorrectly handled JPEG 2000 images. If a user or automated system were tricked into opening a crafted PDF file, an attacker could cause a denial of service or possibly execute arbitrary code with privileges of the user invoking the program. Jiaqi Peng discovered that the poppler pdfunite tool incorrectly parsed certain malformed PDF documents. If a user or automated system were tricked into opening a crafted PDF file, an attacker could cause poppler to crash, resulting in a denial of service. Various other issues were also addressed.
548be691af892f773e9a819ceafa873bFirefox version 54.0.1 suffers from a denial of service vulnerability.
9e6dbc8b2122d425a1c5d8b9e352ef36Debian Linux Security Advisory 3903-1 - Multiple vulnerabilities have been discovered in the libtiff library and the included tools, which may result in denial of service or the execution of arbitrary code.
f22eb4c31adb069462aeb0325c0caef3Ubuntu Security Notice 3321-1 - Multiple security issues were discovered in Thunderbird. If a user were tricked in to opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, read uninitialized memory, obtain sensitive information or execute arbitrary code. Multiple security issues were discovered in the Graphite 2 library used by Thunderbird. If a user were tricked in to opening a specially crafted message, an attacker could potentially exploit these to cause a denial of service, read uninitialized memory, or execute arbitrary code. Various other issues were also addressed.
287375d513bdda9fae3735c80fba55bfUbuntu Security Notice 3349-1 - Yihan Lian discovered that NTP incorrectly handled certain large request data values. A remote attacker could possibly use this issue to cause NTP to crash, resulting in a denial of service. This issue only affected Ubuntu 16.04 LTS. Miroslav Lichvar discovered that NTP incorrectly handled certain spoofed addresses when performing rate limiting. A remote attacker could possibly use this issue to perform a denial of service. This issue only affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, and Ubuntu 16.10. Various other issues were also addressed.
f7f3fa44faf862974b40f78bbb8b5cbc
© 2016 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed