ESpace 7910; ESpace 7950; ESpace 8950 Security Vulnerabilities

[SECURITY] [DLA 772-1] linux security update

Package : linux Version : 3.2.84-1 CVE ID : CVE-2012-6704 CVE-2015-1350 CVE-2015-8962 CVE-2015-8963 CVE-2015-8964 CVE-2016-7097 CVE-2016-7910 CVE-2016-7911 CVE-2016-7915 CVE-2016-8399 CVE-2016-8633 CVE-2016-8645 CVE-2016-8655 CVE-2016-9178...

linux - security update

Bulletin has no...

SUSE SLES11 Security Update : xorg-x11-libXrender (SUSE-SU-2016:3115-1)

This update for xorg-x11-libXrender fixes the following issues : insufficient validation of data from the X server can cause out of boundary memory writes (bsc#1003002, CVE-2016-7949, CVE-2016-7950) Note that Tenable Network Security has extracted the preceding description block directly...

CVE-2016-7950

The XRenderQueryFilters function in X.org libXrender before 0.9.10 allows remote X servers to trigger out-of-bounds write operations via vectors involving filter name...

CVE-2016-7950

The XRenderQueryFilters function in X.org libXrender before 0.9.10 allows remote X servers to trigger out-of-bounds write operations via vectors involving filter name...

CVE-2016-7950

The XRenderQueryFilters function in X.org libXrender before 0.9.10 allows remote X servers to trigger out-of-bounds write operations via vectors involving filter name...

Out-of-bounds

The XRenderQueryFilters function in X.org libXrender before 0.9.10 allows remote X servers to trigger out-of-bounds write operations via vectors involving filter name...

CVE-2016-7950

The XRenderQueryFilters function in X.org libXrender before 0.9.10 allows remote X servers to trigger out-of-bounds write operations via vectors involving filter name...

CVE-2016-7950

The XRenderQueryFilters function in X.org libXrender before 0.9.10 allows remote X servers to trigger out-of-bounds write operations via vectors involving filter name...

openSUSE Security Update : the Linux Kernel (openSUSE-2016-1431)

The openSUSE 13.2 kernel was updated to receive various security and bugfixes. The following security bugs were fixed : CVE-2015-8962: Double free vulnerability in the sg_common_write function in drivers/scsi/sg.c in the Linux kernel allowed local users to gain privileges or cause a...

openSUSE: Security Advisory for kernel (openSUSE-SU-2016:3061-1)

The remote host is missing an update for...

Security update for the Linux Kernel (important)

The openSUSE 13.2 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: CVE-2015-8962: Double free vulnerability in the sg_common_write function in drivers/scsi/sg.c in the Linux kernel allowed local users to gain privileges or cause a...

openSUSE Security Update : libXrender (openSUSE-2016-1421)

This update of libXrender fixes the following issues : insufficient validation of data from the X server could cause out of boundary memory writes (boo#1003002, CVE-2016-7949,...

Security Advisory - Dirty COW Vulnerability in Huawei Products

In the morning of October 21th, 2016, a security researcher Phil Oester disclosed a local privilege escalation vulnerability in Linux kernel. A race condition was found in the way the Linux kernel's memory subsystem handled the copy-on-write (COW) breakage of private read-only memory mappings. An.....

Fedora Update for libXrender FEDORA-2016-ade20198ff

The remote host is missing an update for...

Fedora Update for libXrender FEDORA-2016-49d560da23

The remote host is missing an update for...

Security Advisory - XSS Vulnerability in Huawei eSpace IAD

Huawei eSpace Integrated Access Device (IAD) has a reflected cross-site scripting (XSS) vulnerability. An attacker could trick a user into clicking a URL containing malicious scripts. Then the user's browser may receive a response from the eSpace IAD and execute the malicious scripts. Successful...

CVE-2016-7910

A flaw was found in the Linux kernel's implementation of seq_file where a local attacker could manipulate memory in the put() function pointer. This could lead to memory corruption and possible privileged...

Critical kernel security update: vulnerability fixes CVE-2016-7910, CVE-2016-7911 (and other), new kernel 2.6.32-042stab120.11

This update provides a new Virtuozzo 6.0 kernel 2.6.32-042stab120.11 based on the Red Hat Enterprise Linux 6.8 kernel 2.6.32-642.6.1.el6. The new kernel provides security and stability fixes. Vulnerability id: CVE-2016-1583 Stack overflow via ecryptfs and /proc/$pid/environ. It was found that...

SUSE SLED12 / SLES12 Security Update : X Window System client libraries (SUSE-SU-2016:2828-1)

This update for the X Window System client libraries fixes a class of privilege escalation issues. A malicious X Server could send specially crafted data to X clients, which allowed for triggering crashes, or privilege escalation if this relationship was untrusted or crossed user or permission...

CVE-2016-7910

Use-after-free vulnerability in the disk_seqf_stop function in block/genhd.c in the Linux kernel before 4.7.1 allows local users to gain privileges by leveraging the execution of a certain stop operation even if the corresponding start operation had...

CVE-2016-7910

Use-after-free vulnerability in the disk_seqf_stop function in block/genhd.c in the Linux kernel before 4.7.1 allows local users to gain privileges by leveraging the execution of a certain stop operation even if the corresponding start operation had...

CVE-2016-7910

Use-after-free vulnerability in the disk_seqf_stop function in block/genhd.c in the Linux kernel before 4.7.1 allows local users to gain privileges by leveraging the execution of a certain stop operation even if the corresponding start operation had...

Design/Logic Flaw

Use-after-free vulnerability in the disk_seqf_stop function in block/genhd.c in the Linux kernel before 4.7.1 allows local users to gain privileges by leveraging the execution of a certain stop operation even if the corresponding start operation had...

CVE-2016-7910

Use-after-free vulnerability in the disk_seqf_stop function in block/genhd.c in the Linux kernel before 4.7.1 allows local users to gain privileges by leveraging the execution of a certain stop operation even if the corresponding start operation had...

CVE-2016-7910

Use-after-free vulnerability in the disk_seqf_stop function in block/genhd.c in the Linux kernel before 4.7.1 allows local users to gain privileges by leveraging the execution of a certain stop operation even if the corresponding start operation had failed. Notes Author| Note ---|--- jdstrand |...

Fedora 25 : libXrender (2016-ade20198ff)

Security fix for CVE-2016-7949, CVE-2016-7950 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional...

Fedora Update for libXrender FEDORA-2016-8877cf648b

The remote host is missing an update for...

Linux Network Analyzer: netsniff-ng

Linux Network Analyzer A Swiss army knife for your daily Linux network plumbing netsniff-ng is a free, performant Linux network analyzer and networking toolkit. If you will, the Swiss army knife for network packets. The gain of performance is reached by built-in zero-copy mechanisms, so that on...

Android Security Bulletin—November 2016

The Android Security Bulletin contains details of security vulnerabilities affecting Android devices. Alongside the bulletin, we have released a security update to Google devices through an over-the-air (OTA) update. The Google device firmware images have also been released to the Google Developer....

Fedora 23 : libXrender (2016-49d560da23)

Security fix for CVE-2016-7949, CVE-2016-7950 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional...

[SECURITY] Fedora 23 Update: libXrender-0.9.10-1.fc23

X.Org X11 libXrender runtime...

[slackware-security] x11

New x11 packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, 14.2, and -current to fix security issues. Here are the details from the Slackware 14.2 ChangeLog: patches/packages/libX11-1.6.4-i586-1_slack14.2.txz: Upgraded. Insufficient validation of data from the X server can...

CVE-2016-7910

Use-after-free vulnerability in the disk_seqf_stop function in block/genhd.c in the Linux kernel before 4.7.1 allows local users to gain privileges by leveraging the execution of a certain stop operation even if the corresponding start operation had...

Slackware 13.0 / 13.1 / 13.37 / 14.0 / 14.1 / 14.2 / current : x11 (SSA:2016-305-02)

New x11 packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, 14.2, and -current to fix security...

Security Advisory - Two Information Leak Vulnerabilities in ION Memory Management Module of Huawei Smart Phone

Two information leak vulnerabilities exist in the ION memory management module of some Huawei mobile phones due to the lack of initialization during memory allocation. (Vulnerability ID: HWPSIRT-2016-09032 and HWPSIRT-2016-09033) These two vulnerabilities have been assigned CVE ID: CVE-2016-8757...

openSUSE Security Update : X Window System client libraries (openSUSE-2016-1214)

This update for the X Window System client libraries fixes a class of privilege escalation issues. A malicious X Server could send specially crafted data to X clients, which allowed for triggering crashes, or privilege escalation if this relationship was untrusted or crossed user or permission...

Debian DLA-664-1 : libxrender security update

Tobias Stoeckmann from the OpenBSD project has discovered a number of issues in the way various X client libraries handle the responses they receive from servers. Insufficient validation of data from the X server could cause out of boundary memory writes in the libXrender library potentially...

[SECURITY] [DLA 664-1] libxrender security update

Package : libxrender Version : 1:0.9.7-1+deb7u3 CVE ID : CVE-2016-7949 CVE-2016-7950 Debian Bug : 840443 Tobias Stoeckmann from the OpenBSD project has discovered a number of issues in the way various X client libraries handle the responses they receive from servers....

libxrender - security update

Tobias Stoeckmann from the OpenBSD project has discovered a number of issues in the way various X client libraries handle the responses they receive from servers. Insufficient validation of data from the X server could cause out of boundary memory writes in the libXrender library potentially...

SUSE SLED12 / SLES12 Security Update : X Window System client libraries (SUSE-SU-2016:2505-1)

This update for the X Window System client libraries fixes a class of privilege escalation issues. A malicious X Server could send specially crafted data to X clients, which allowed for triggering crashes, or privilege escalation if this relationship was untrusted or crossed user or permission...

[SECURITY] Fedora 25 Update: libXrender-0.9.10-1.fc25

X.Org X11 libXrender runtime...

CVE-2015-8950

arch/arm64/mm/dma-mapping.c in the Linux kernel before 4.0.3, as used in the ION subsystem in Android and other products, does not initialize certain data structures, which allows local users to obtain sensitive information from kernel memory by triggering a dma_mmap...

CVE-2015-8950

arch/arm64/mm/dma-mapping.c in the Linux kernel before 4.0.3, as used in the ION subsystem in Android and other products, does not initialize certain data structures, which allows local users to obtain sensitive information from kernel memory by triggering a dma_mmap...

CVE-2015-8950

arch/arm64/mm/dma-mapping.c in the Linux kernel before 4.0.3, as used in the ION subsystem in Android and other products, does not initialize certain data structures, which allows local users to obtain sensitive information from kernel memory by triggering a dma_mmap...

Information disclosure

arch/arm64/mm/dma-mapping.c in the Linux kernel before 4.0.3, as used in the ION subsystem in Android and other products, does not initialize certain data structures, which allows local users to obtain sensitive information from kernel memory by triggering a dma_mmap...

CVE-2015-8950

arch/arm64/mm/dma-mapping.c in the Linux kernel before 4.0.3, as used in the ION subsystem in Android and other products, does not initialize certain data structures, which allows local users to obtain sensitive information from kernel memory by triggering a dma_mmap...

Fedora 24 : libXrender (2016-8877cf648b)

Security fix for CVE-2016-7949, CVE-2016-7950 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional...

CVE-2015-8950

arch/arm64/mm/dma-mapping.c in the Linux kernel before 4.0.3, as used in the ION subsystem in Android and other products, does not initialize certain data structures, which allows local users to obtain sensitive information from kernel memory by triggering a dma_mmap call. Notes Author| Note...

[SECURITY] Fedora 24 Update: libXrender-0.9.10-1.fc24

X.Org X11 libXrender runtime...