Fedora 26 : sscep (2017-a5fc805283)

Changed compiler flags to include RPMOPTFLAGS and RPMLDFLAGS. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing...

Scripting Engine Security Feature Bypass Vulnerability

A security feature bypass vulnerability exists in Microsoft Edge as a result of how memory is accessed in code compiled by the Edge Just-In-Time JIT compiler that allows Arbitrary Code Guard ACG to be bypassed. By itself, this ACG bypass vulnerability does not allow arbitrary code execution...

VMware WorkStation 12.5.5 - Virtual Machine Escape

VMware Escape Exploit VMware Escape Exploit before VMware WorkStation 12.5.5 Host Target: Win10 x64 Compiler: VS2013 Test on VMware 12.5.2 build-4638234 Known issues Failing to heap manipulation causes host process crash. Not quite elaborate because I'm not good at doing heap "fengshui" on winows...

openssh security, bug fix, and enhancement update

7.4p1-11 + 0.10.3-1 - Compiler warnings 1341754 7.4p1-10 + 0.10.3-1 - Add missing messages in FIPS mode 1341754 7.4p1-9 + 0.10.3-1 - Allow harmless syscalls for s390 crypto modules 1451809 7.4p1-8 + 0.10.3-1 - Fix multilib issue in documentation 1450361 7.4p1-6 + 0.10.3-1 - ControlPath too long...

RHEL 7 : golang (RHSA-2017:1859)

An update for golang is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the...

[SECURITY] Fedora 25 Update: gcc-6.4.1-1.fc25

The gcc package contains the GNU Compiler Collection version 6. You'll need this package in order to compile C code...

GNU GCC Insecure Random Number Generator Vulnerability

GNU gcc GNU Compiler Collection is an open source compiler for programming languages developed by the GNU Project. An insecure random number generator vulnerability exists in GNU GCC. An attacker could exploit the vulnerability to gain access to perform certain unauthorized operations...

CVE-2017-11671

Under certain circumstances, the ix86expandbuiltin function in i386.c in GNU Compiler Collection GCC version 4.6, 4.7, 4.8, 4.9, 5 before 5.5, and 6 before 6.4 will generate instruction sequences that clobber the status flag of the RDRAND and RDSEED intrinsics before it can be read, potentially...

CVE-2017-11671

Under certain circumstances, the ix86expandbuiltin function in i386.c in GNU Compiler Collection GCC version 4.6, 4.7, 4.8, 4.9, 5 before 5.5, and 6 before 6.4 will generate instruction sequences that clobber the status flag of the RDRAND and RDSEED intrinsics before it can be read, potentially...

UBUNTU-CVE-2017-11671

Under certain circumstances, the ix86expandbuiltin function in i386.c in GNU Compiler Collection GCC version 4.6, 4.7, 4.8, 4.9, 5 before 5.5, and 6 before 6.4 will generate instruction sequences that clobber the status flag of the RDRAND and RDSEED intrinsics before it can be read, potentially...

CVE-2017-11671

CVE-2017-11671 affects GCC: the ix86_expand_builtin path in i386.c can generate RDRAND/RDSEED instruction sequences that clobber the status flag before being read, potentially causing reduced randomness. Documented in GCC bug reports and affected across GCC 4.6–4.9, 5 before 5.5, and 6 before 6.4...

Fedora 26 : mingw-libtasn1 (2017-d5cf1a55ce)

Noteworthy changes in release 4.11 released 2017-05-27 stable - Introduced the ASN1TIMEENCODINGERROR error code to indicate an invalid encoding in the DER time fields. - Introduced flag ASN1DECODEFLAGALLOWINCORRECTTIME. This flag allows decoding errors in time fields even when in strict DER mode...

Flat Assembler 1.7.21 - Local Buffer Overflow

Flat Assembler 1.7.21 - Local Buffer Overflow !/usr/bin/python Developed using Exploit Pack - http://exploitpack.com - Exploit Author: Juan Sacco at KPN Red Team - http://www.kpn.com Tested on: GNU/Linux - Kali 2017.1 Release What is FASM? Flat assembler is a fast, self-compilable assembly langua...

Design/Logic Flaw

Use after free vulnerability in Adobe Flash Player Desktop Runtime before 20.0.0.267, Adobe Flash Player Extended Support Release before 18.0.0.324, Adobe Flash Player for Google Chrome before 20.0.0.267, Adobe Flash Player for Microsoft Edge and Internet Explorer 11 before 20.0.0.267, Adobe Flas...

CVE-2017-9772

Insufficient sanitisation in the OCaml compiler versions 4.04.0 and 4.04.1 allows external code to be executed with raised privilege in binaries marked as setuid, by setting the CAMLCPLUGINS, CAMLNATIVECPLUGINS, or CAMLBYTECPLUGINS environment variable...

CVE-2017-9772

Insufficient sanitisation in the OCaml compiler versions 4.04.0 and 4.04.1 allows external code to be executed with raised privilege in binaries marked as setuid, by setting the CAMLCPLUGINS, CAMLNATIVECPLUGINS, or CAMLBYTECPLUGINS environment variable...

Design/Logic Flaw

Insufficient sanitisation in the OCaml compiler versions 4.04.0 and 4.04.1 allows external code to be executed with raised privilege in binaries marked as setuid, by setting the CAMLCPLUGINS, CAMLNATIVECPLUGINS, or CAMLBYTECPLUGINS environment variable...

CVE-2017-9772

Insufficient sanitisation in the OCaml compiler versions 4.04.0 and 4.04.1 allows external code to be executed with raised privilege in binaries marked as setuid, by setting the CAMLCPLUGINS, CAMLNATIVECPLUGINS, or CAMLBYTECPLUGINS environment variable...

CVE-2017-9772

Insufficient sanitisation in the OCaml compiler versions 4.04.0 and 4.04.1 allows external code to be executed with raised privilege in binaries marked as setuid, by setting the CAMLCPLUGINS, CAMLNATIVECPLUGINS, or CAMLBYTECPLUGINS environment variable...

CVE-2017-9772

Insufficient sanitisation in the OCaml compiler versions 4.04.0 and 4.04.1 allows external code to be executed with raised privilege in binaries marked as setuid, by setting the CAMLCPLUGINS, CAMLNATIVECPLUGINS, or CAMLBYTECPLUGINS environment variable...