[slackware-security] bzip2

New bzip2 packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix security issues. Here are the details from the Slackware 14.2 ChangeLog: patches/packages/bzip2-1.0.8-i586-1slack14.2.txz: Upgraded. Fixes security issues: bzip2recover: Fix use after free issue with outFile. Mak...

(Pwn2Own) Xiaomi Browser Captive Portal WebView Authorization Bypass Vulnerability

This vulnerability allows network adjacent attackers to execute arbitrary code on affected installations of Xiaomi Mi6. User interaction is required to exploit this vulnerability in that the target must connect to a malicious access point. The specific flaw exists within the handling of HTTP...

Update for Windows Server 2012 and Windows Embedded 8 Standard: June 21, 2019

Update for Windows Server 2012 and Windows Embedded 8 Standard: June 21, 2019 Summary This update for Windows Server 2012 and Windows Embedded 8 Standard includes the quality improvements from KB4503263 released June 11, 2019, in addition to these key changes: Addresses an issue that may display...

Slackware 14.2 / current : mozilla-firefox (SSA:2019-191-01)

New mozilla-firefox packages are available for Slackware 14.2 and -current to fix security issues. C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Slackware Security Advisory 2019-191-01. The text itself is copyright C Slackware Linux,...

Microsoft Windows gdiplus Font Parsing Integer Overflow Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability (CNVD-2019-39014)

Internet Explorer is a web browser from Microsoft. Formerly known as Microsoft Internet Explorer prior to version 6 and Windows Internet Explorer versions 7, 8, 9, 10, 11, or IE for short. A memory corruption vulnerability exists in the Microsoft Internet Explorer scripting engine. The...

Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability (CNVD-2019-39015)

Internet Explorer is a web browser from Microsoft. Formerly known as Microsoft Internet Explorer prior to version 6 and Windows Internet Explorer versions 7, 8, 9, 10, 11, or IE for short. A memory corruption vulnerability exists in the Microsoft Internet Explorer scripting engine. The...

Microsoft Edge Chakra Scripting Engine Memory Corruption Vulnerability (CNVD-2019-27084)

Edge is Microsoft's browser for Windows 10, characterized by fast and secure.ChakraCore is a Microsoft open source, efficient JS scripting engine for Windows IE/Edge kernel. A memory corruption vulnerability exists in Microsoft Edge. The vulnerability stems from a problem with the way the Chakra...

Microsoft Edge Chakra Scripting Engine Memory Corruption Vulnerability (CNVD-2019-27085)

Edge is Microsoft's browser for Windows 10, characterized by fast and secure.ChakraCore is a Microsoft open source, efficient JS scripting engine for Windows IE/Edge kernel. A memory corruption vulnerability exists in Microsoft Edge. The vulnerability stems from a problem with the way the Chakra...

Microsoft Edge Chakra Scripting Engine Memory Corruption Vulnerability (CNVD-2019-27086)

Edge is Microsoft's browser for Windows 10, characterized by fast and secure.ChakraCore is a Microsoft open source, efficient JS scripting engine for Windows IE/Edge kernel. A memory corruption vulnerability exists in Microsoft Edge. The vulnerability stems from a problem with the way the Chakra...

Microsoft Edge Chakra Scripting Engine Memory Corruption Vulnerability (CNVD-2019-27087)

Edge is Microsoft's browser for Windows 10, characterized by fast and secure.ChakraCore is a Microsoft open source, efficient JS scripting engine for Windows IE/Edge kernel. A memory corruption vulnerability exists in Microsoft Edge. The vulnerability stems from a problem with the way the Chakra...

Microsoft Windows gdiplus Font Parsing Integer Underflow Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of...

.NET Framework Remote Code Execution Vulnerability

A remote code execution vulnerability exists in .NET software when the software fails to check the source markup of a file. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative us...

Remote Code Execution (RCE)

ChakraCore is vulnerable to remote code execution RCE. This is due to how the scripting engine handles objects in memory, allowing a remote attacker to execute arbitrary code in the context of the current user...

Microsoft Windows ADODB Type Confusion Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within msado15.dll. B...

Google Android Bluetooth hci_len Heap-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows attackers in close proximity to execute arbitrary code on vulnerable installations of Google Android. User interaction is required to exploit this vulnerability in that the target must accept a malicious file transfer. The specific flaw exists within the parsing of...

Siemens SIMATIC ET 200eco PN 4 inputs voltage/current, 4 inputs resistance thermocouple I/O module

Binary data 764642.prm...

Foxit PhantomPDF Button Calculate Use-After-Free Remote Code Execution Vulnerability

This vulnerability allows remote atackers to execute arbitrary code on affected installations of Foxit PhantomPDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of...

Foxit Reader AcroForm exportValues Use-After-Free Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the exportValues meth...

Siemens SIMATIC ET 200eco PN 4 inputs voltage/current I/O module

Binary data 764644.prm...