[SECURITY] Fedora 24 Update: ikiwiki-3.20170111-1.fc24

Ikiwiki is a wiki compiler. It converts wiki pages into HTML pages suitable for publishing on a website. Ikiwiki stores pages and history in a revision control system such as Subversion or Git. There are many other features, including support for blogging, as well as a large array of plugins...

[SECURITY] Fedora 24 Update: chicken-4.11.0-3.fc24

CHICKEN is a compiler for the Scheme programming language. CHICKEN produces portable, efficient C, supports almost all of the R5RS Scheme language standard, and includes many enhancements and extensions...

[SECURITY] Fedora 25 Update: chicken-4.11.0-3.fc25

CHICKEN is a compiler for the Scheme programming language. CHICKEN produces portable, efficient C, supports almost all of the R5RS Scheme language standard, and includes many enhancements and extensions...

DEBIAN-CVE-2016-7998

The SPIP template composer/compiler in SPIP 3.1.2 and earlier allows remote authenticated users to execute arbitrary PHP code by uploading an HTML file with a crafted 1 INCLUDE or 2 INCLURE tag and then accessing it with a validerxml action...

CVE-2016-7998

The SPIP template composer/compiler in SPIP 3.1.2 and earlier allows remote authenticated users to execute arbitrary PHP code by uploading an HTML file with a crafted 1 INCLUDE or 2 INCLURE tag and then accessing it with a validerxml action...

CVE-2016-7998

CVE-2016-7998 affects SPIP 3.1.2 and earlier, where remote authenticated users can trigger arbitrary PHP code execution by uploading an HTML file containing a crafted INCLUDE/INCLURE tag and then accessing it via the valider_xml action. The issue is tied to the SPIP template composer/compiler com...

Privilege escalation

An elevation of privilege vulnerability in the kernel networking subsystem could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Moderate because it first requires compromising a privileged process and current compiler...

Chicken: Multiple vulnerabilities

Background Chicken is a scheme interpreter and native scheme to C compiler. Description Multiple vulnerabilities have been discovered in Chicken. Please review the CVE identifiers referenced below for details. Impact A remote attacker could possibly execute arbitrary code with the privileges of t...

[SECURITY] Fedora 25 Update: msgpuck-1.1.3-1.fc25

MsgPack is a binary-based efficient object serialization library. It enables to exchange structured objects between many languages like JSON. But unlike JSON, it is very fast and small. msgpuck is very lightweight header-only library designed to be embedded to your application by the C/C++...

Downloads Resources over HTTP

Overview Affected versions of google-closure-tools-latest insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in...

Less Compiler Arbitrary Code Execution Vulnerability

LESS is a dynamic cascading style sheet language designed by Alexis Sellier. An arbitrary code execution vulnerability exists in Less Compiler. An attacker can exploit the vulnerability to execute arbitrary code in the context of an affected application...

Less.js Untrusted File Compilation / Code Execution

Advisory: Less.js: Compilation of Untrusted LESS Files May Lead to Code Execution through the JavaScript Less Compiler RedTeam Pentesting discovered behaviour in the Less.js compiler, which allows execution of arbitrary code if an untrusted LESS file is compiled. Details ======= Product: Less...

Debian DLA-720-1 : xen security update

Multiple vulnerabilities have been discovered in the Xen hypervisor. The Common Vulnerabilities and Exposures project identifies the following problems : CVE-2016-9379, CVE-2016-9380 XSA-198 pygrub, the boot loader emulator, fails to quote or sanity check its results when reporting them to its...

xen-tools -- qemu incautious about shared ring processing

The Xen Project reports: The compiler can emit optimizations in qemu which can lead to double fetch vulnerabilities. Specifically data on the rings shared between qemu and the hypervisor which the guest under control can obtain mappings of can be fetched twice during which time the guest can alte...

Mozilla: Heap-buffer-overflow WRITE in rasterize_edges_1 (MFSA 2016-89, MFSA 2016-90)

A heap-buffer-overflow in Cairo when processing SVG content caused by compiler optimization, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird 45.5, Firefox ESR 45.5, and Firefox 50...

CVE-2016-5296

A heap-buffer-overflow in Cairo when processing SVG content caused by compiler optimization, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird 45.5, Firefox ESR 45.5, and Firefox 50...

CVE-2016-5296

A heap-buffer-overflow in Cairo when processing SVG content caused by compiler optimization, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird 45.5, Firefox ESR 45.5, and Firefox 50...

UBUNTU-CVE-2016-5296

A heap-buffer-overflow in Cairo when processing SVG content caused by compiler optimization, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird 45.5, Firefox ESR 45.5, and Firefox 50...

IBM DB2 10.5 < Fix Pack 8 Multiple Vulnerabilities

According to its version, the installation of IBM DB2 10.5 running on the remote host is prior to Fix Pack 8. It is, therefore, affected by the following vulnerabilities : - A local privilege escalation vulnerability exists due to insecurely loading binaries planted in a location that a SETGID or...

IBM DB2 10.5 < Fix Pack 8 Multiple DoS

According to its version, the installation of IBM DB2 10.5 running on the remote host is prior to Fix Pack 8. It is, therefore, affected by the following vulnerabilities : - A denial of service vulnerability exists in the SQLNPSCOPETRIAL function due to improper handling of SQL statements. An...