Unbreakable Enterprise kernel security update

2.6.39-400.250.5 - x8664, vdso: Fix the vdso address randomization algorithm Andy Lutomirski Orabug: 21226730 CVE-2014-9585 - isofs: Fix infinite looping over CE entries Jan Kara Orabug: 21225976 CVE-2014-9420 - x8664, switchto: Load TLS descriptors before switching DS and ES Andy Lutomirski...

kernel: ASLR bruteforce possible for vdso library

An information leak flaw was found in the way the Linux kernel's Virtual Dynamic Shared Object vDSO implementation performed address randomization. A local, unprivileged user could use this flaw to leak kernel memory addresses to user-space...

Important: Red Hat Security Advisory: kernel security, bug fix, and enhancement update

Updated kernel packages that fix multiple security issues, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System CVSS base scores, which...

UBUNTU-CVE-2015-3091

Adobe Flash Player before 13.0.0.289 and 14.x through 17.x before 17.0.0.188 on Windows and OS X and before 11.2.202.460 on Linux, Adobe AIR before 17.0.0.172, Adobe AIR SDK before 17.0.0.172, and Adobe AIR SDK & Compiler before 17.0.0.172 do not properly restrict discovery of memory addresses,...

UBUNTU-CVE-2015-3040

Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux does not properly restrict discovery of memory addresses, which allows attackers to bypass the ASLR protection mechanism via unspecified vectors, a different...

DEBIAN-CVE-2015-1593

The stack randomization feature in the Linux kernel before 3.19.1 on 64-bit platforms uses incorrect data types for the results of bitwise left-shift operations, which makes it easier for attackers to bypass the ASLR protection mechanism by predicting the address of the top of the stack, related ...

Low: kernel

Issue Overview: It was reported that stack address is not properly randomized on some 64 bit architectures due to an integer overflow. The stack entropy of the processes is reduced by four. Affected Packages: kernel Issue Correction: Run yum update kernel or yum update --advisory ALAS-2015-491 to...

[SECURITY] [DLA 155-1] linux-2.6 security update

Package : linux-2.6 Version : 2.6.32-48squeeze11 CVE ID : CVE-2013-6885 CVE-2014-7822 CVE-2014-8133 CVE-2014-8134 CVE-2014-8160 CVE-2014-9420 CVE-2014-9584 CVE-2014-9585 CVE-2015-1421 CVE-2015-1593 This update fixes the CVEs described below. A further issue, CVE-2014-9419, was considered, but...

Microsoft Internet Explorer ASLR Security Bypass Vulnerability (CNVD-2015-01145)

Microsoft Internet Explorer is a popular WEB browser. A security vulnerability exists in Microsoft Internet Explorer ASLR that could allow an attacker to bypass certain security restrictions or execute arbitrary code using another application...

DEBIAN-CVE-2014-9675

bdf/bdflib.c in FreeType before 2.5.4 identifies property names by only verifying that an initial substring is present, which allows remote attackers to discover heap pointer values and bypass the ASLR protection mechanism via a crafted BDF font...

flash-plugin: multiple code execution or security bypass flaws (APSB14-21)

Adobe Flash Player before 13.0.0.244 and 14.x and 15.x before 15.0.0.152 on Windows and OS X and before 11.2.202.406 on Linux, Adobe AIR before 15.0.0.249 on Windows and OS X and before 15.0.0.252 on Android, Adobe AIR SDK before 15.0.0.249, and Adobe AIR SDK & Compiler before 15.0.0.249 do not...

Flash Player <= 14.0.0.179 Multiple Vulnerabilities (APSB14-21)

According to its version, the installation of Flash Player installed on the remote Windows host is equal or prior to 14.0.0.179. It is, therefore, affected by the following vulnerabilities : - Unspecified memory corruption issues exist that allow arbitrary code execution. CVE-2014-0547,...

MS KB2987114: Update for Vulnerabilities in Adobe Flash Player in Internet Explorer

The remote host is missing KB2987114. It is, therefore, affected by the following vulnerabilities : - Unspecified memory corruption issues exist that allow arbitrary code execution. CVE-2014-0547, CVE-2014-0549, CVE-2014-0550, CVE-2014-0551, CVE-2014-0552, CVE-2014-0555 - An unspecified error...

Adobe AIR <= AIR 14.0.0.178 Multiple Vulnerabilities (APSB14-21)

According to its version, the installation of Adobe AIR on the remote Windows host is equal or prior to 14.0.0.178. It is, therefore, affected by the following vulnerabilities : - Unspecified memory corruption issues exist that allow arbitrary code execution. CVE-2014-0547, CVE-2014-0549,...

Google Chrome < 37.0.2062.120 Multiple Vulnerabilities

The version of Google Chrome installed on the remote host is a version prior to 37.0.2062.120. It is, therefore, affected by the following vulnerabilities : - A use-after-free error exists related to rendering that allows a remote attacker to execute arbitrary code. CVE-2014-3178 - Unspecified...

What does a pointer look like, anyway?

Posted by Chris Evans, Renderer of Modern Art In Adobe’s August 2014 Flash Player security update, we see: These updates resolve memory leakage vulnerabilities that could be used to bypass memory address randomization CVE-2014-0540, CVE-2014-0542, CVE-2014-0543, CVE-2014-0544, CVE-2014-0545. I...

SuSE 11.3 Security Update : flash-player (SAT Patch Number 9612)

This flash-player update fixes the following security issues : - These updates resolve memory leakage vulnerabilities that could have been used to bypass memory address randomization. CVE-2014-0540 / CVE-2014-0542 / CVE-2014-0543 / CVE-2014-0544 / CVE-2014-0545 - These updates resolve a security...

Updated flash-player-plugin packages fix security vulnerabilities

Adobe Flash Player 11.2.202.400 contains fixes to critical security vulnerabilities found in earlier versions that could potentially allow an attacker to take control of the affected system. This update resolves memory leakage vulnerabilities that could be used to bypass memory address...

flash-plugin: multiple code execution or security bypass flaws (APSB14-18)

Adobe Flash Player before 13.0.0.241 and 14.x before 14.0.0.176 on Windows and OS X and before 11.2.202.400 on Linux, Adobe AIR before 14.0.0.178 on Windows and OS X and before 14.0.0.179 on Android, Adobe AIR SDK before 14.0.0.178, and Adobe AIR SDK & Compiler before 14.0.0.178 do not properly...

Adobe AIR <= AIR 14.0.0.110 Multiple Vulnerabilities (APSB14-18)

According to its version, the instance of Adobe AIR on the remote Windows host is equal or prior to 14.0.0.110. It is, therefore, affected by the following vulnerabilities : - A use-after-free error exits that allows code execution. CVE-2014-0538 - An unspecified security bypass error exists...