Red Hat Security Advisory 2017-2665-01 - Open vSwitch provides standard network bridging functions and support for the OpenFlow protocol for remote per-flow control of traffic. Security Fix: An unsigned integer wrap around that led to a buffer over-read was found when parsing OFPT_QUEUE_GET_CONFIG_REPLY messages in Open vSwitch. An attacker could use this issue to cause a remote denial of service attack. While parsing an OpenFlow role status message Open vSwitch, a call to the abort() function for undefined role status reasons in the function 'ofp_print_role_status_message' in 'lib/ofp-print.c' could be misused for a remote denial of service attack by a malicious switch.
c17769c8668cc43a2a091c90427cf681Debian Linux Security Advisory 3962-1 - A denial of service vulnerability was identified in strongSwan, an IKE/IPsec suite, using Google's OSS-Fuzz fuzzing project.
38887629192c594f9fc095a348cb6496Debian Linux Security Advisory 3961-1 - A double-free vulnerability was discovered in the gdImagePngPtr() function in libgd2, a library for programmatic graphics creation and manipulation, which may result in denial of service or potentially the execution of arbitrary code if a specially crafted file is processed.
b24ba28981489977ea7ad995c8b838dcRed Hat Security Advisory 2017-2628-01 - KVM is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm-rhev packages provide the user-space component for running virtual machines that use KVM in environments managed by Red Hat products. Security Fix: An assertion-failure flaw was found in the Network Block Device server's initial connection negotiation, where the I/O co-routine was undefined. This could crash the qemu-nbd server if a client sent unexpected data during connection negotiation. A remote user or process could use this flaw to crash the qemu-nbd server resulting in denial of service.
1928089e24ad095f0013eecf3c936b70Ubuntu Security Notice 3408-1 - It was discovered that an illegal address access can be made in Liblouis. A remote attacker can take advantage of this to access sensitive information. It was discovered a heap-based buffer overflow that causes bytes out-of-bounds write in Liblouis. A remote attacker can use this to denial of service or remote code execution. It was discovered a stack-based buffer overflow in Liblouis. A remote attacker can use this to denial of service or possibly unspecified other impact. Various other issues were also addressed.
88a84b5f0cae21d8aab51257caac47aalibgedit.a versions 3.22.1 and below suffer from a denial of service vulnerability.
29588415b913569a7b184d76849bd89cIBM Notes versions 8.5.x and 9.0.x suffer from a denial of service vulnerability.
5962a5618ef528d19dbaa50818de00f6IBM Notes versions 8.5.x and 9.0.x suffer from a denial of service vulnerability.
9fb22fea4846ddb2727b405d5822e3bdUSB Safely Remove version 5.5.5 suffers from a denial of service vulnerability.
5a4e139ce9b5265d69146770d8d7ae9dRed Hat Security Advisory 2017-2560-01 - Red Hat Certificate System is a complete implementation of an enterprise software system designed to manage enterprise public key infrastructure deployments. Security Fix: An input validation error was found in Red Hat Certificate System's handling of client provided certificates. If the certreq field is not present in a certificate an assertion error is triggered causing a denial of service.
b816d0caa11fd2b02380353cae9bf22aUbuntu Security Notice 3406-2 - USN-3406-1 fixed vulnerabilities in the Linux kernel for Ubuntu 14.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 14.04 LTS for Ubuntu 12.04 ESM. It was discovered that an out of bounds read vulnerability existed in the associative array implementation in the Linux kernel. A local attacker could use this to cause a denial of service or expose sensitive information. Various other issues were also addressed.
bcb9b54a8a5556c6daf2c16f77e97ad7Ubuntu Security Notice 3403-1 - Kamil Frankowicz discovered that Ghostscript mishandles references. A remote attacker could use this to cause a denial of service. Kim Gwan Yeong discovered that Ghostscript could allow a heap-based buffer over-read and application crash. A remote attacker could use a crafted document to cause a denial of service. Various other issues were also addressed.
9208f40dc0fca6b20b8bd44ffe26dae8Ubuntu Security Notice 3406-1 - It was discovered that an out of bounds read vulnerability existed in the associative array implementation in the Linux kernel. A local attacker could use this to cause a denial of service or expose sensitive information. It was discovered that a NULL pointer dereference existed in the Direct Rendering Manager driver for VMWare devices in the Linux kernel. A local attacker could use this to cause a denial of service. Various other issues were also addressed.
ab3d93c5b082693198c7dd03e2550762Ubuntu Security Notice 3405-2 - USN-3405-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 LTS. It was discovered that a use-after-free vulnerability existed in the POSIX message queue implementation in the Linux kernel. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Various other issues were also addressed.
be8ba4251d1774d576a5d0cbdadc62c4Ubuntu Security Notice 3405-1 - It was discovered that a use-after-free vulnerability existed in the POSIX message queue implementation in the Linux kernel. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Huang Weller discovered that the ext4 filesystem implementation in the Linux kernel mishandled a needs-flushing-before-commit list. A local attacker could use this to expose sensitive information. Various other issues were also addressed.
179b8f597770848ddee280743b07f0a7Ubuntu Security Notice 3404-2 - USN-3404-1 fixed a vulnerability in the Linux kernel for Ubuntu 17.04. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 17.04 for Ubuntu 16.04 LTS. A reference count bug was discovered in the Linux kernel ipx protocol stack. A local attacker could exploit this flaw to cause a denial of service or possibly other unspecified problems.
a970f8e5eb195519cf353a052dfb1002Ubuntu Security Notice 3404-1 - A reference count bug was discovered in the Linux kernel ipx protocol stack. A local attacker could exploit this flaw to cause a denial of service or possibly other unspecified problems.
0c10766d1d75847f4d3bc58da124b0a0Gentoo Linux Security Advisory 201708-10 - Multiple integer overflow flaws have been discovered in jbig2dec, possibly resulting in execution of arbitrary code or Denial of Service. Versions less than 0.13-r4 are affected.
3dac69543f8acfabe5175ae9189c46fdGentoo Linux Security Advisory 201708-9 - Multiple vulnerabilities have been found in AutoTrace, the worst of which could cause a Denial of Service condition. Versions less than or equal to 0.31.1-r8 are affected.
4bf60c999c540d4e80f75c371847930dlibgig-LinuxSampler version 4.0.0 suffers from multiple denial of service buffer overflow vulnerabilities.
ea634ba011c2bd8f5aa8755d9b83a524Sandboxie version 5.20 local denial of service exploit.
05150330f083538add84d997e99fa119Debian Linux Security Advisory 3950-1 - Hossein Lotfi and Jakub Jirasek from Secunia Research have discovered multiple vulnerabilities in LibRaw, a library for reading RAW images. An attacker could cause a memory corruption leading to a DoS (Denial of Service) with craft KDC or TIFF file.
6b2dcf3f03044b5b372b42ba49189156Ubuntu Security Notice 3398-1 - Holger Fuhrmannek and Tyson Smith discovered that graphite2 incorrectly handled certain malformed fonts. If a user or automated system were tricked into opening a specially-crafted font file, a remote attacker could use this issue to cause graphite2 to crash, resulting in a denial of service, or possibly execute arbitrary code.
1ece36edb670fe9f149e370c636c688dRed Hat Security Advisory 2017-2492-01 - XML Security Library is a C library based on LibXML2 and OpenSSL. The library was created with a goal to support major XML security standards "XML Digital Signature" and "XML Encryption". Security Fix: It was discovered xmlsec1's use of libxml2 inadvertently enabled external entity expansion along with validation. An attacker could craft an XML file that would cause xmlsec1 to try and read local files or HTTP/FTP URLs, leading to information disclosure or denial of service.
819cb939df0a91198cf7f34e6d3f07d8Ubuntu Security Notice 3400-1 - It was discovered that Augeas incorrectly handled certain strings. An attacker could use this issue to cause Augeas to crash, leading to a denial of service, or possibly execute arbitrary code.
f710dd4756bb7d70d4620fc315b48ecf
© 2016 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed