3646 matches found
[SECURITY] Fedora 23 Update: pypy-4.0.1-3.fc23
PyPy's implementation of Python, featuring a Just-In-Time compiler on some CPU architectures, and various optimized implementations of the standard types (strings, dictionaries, etc.). This build of PyPy has JIT-compilation enabled...
[SECURITY] Fedora 24 Update: pypy-5.0.1-3.fc24
PyPy's implementation of Python, featuring a Just-In-Time compiler on some CPU architectures, and various optimized implementations of the standard types (strings, dictionaries, etc.). This build of PyPy has JIT-compilation enabled...
[SECURITY] Fedora 24 Update: pypy3-2.4.0-6.fc24
PyPy's implementation of Python 3, featuring a Just-In-Time compiler on some CPU architectures, and various optimized implementations of the standard types (strings, dictionaries, etc.). This build of PyPy has JIT-compilation enabled...
Vulnerability in the Firefox browser that allows a malicious individual to execute arbitrary code or trigger a denial of service
Mozilla Firefox browsers contain a vulnerability related to errors in the implementation of the MPostWriteBarrier class. Exploiting this vulnerability allows malicious actors to cause service interruptions (memory corruption and unexpected application termination) or execute arbitrary code by...
CVE-2016-4472
The overflow protection in Expat is removed by compilers with certain optimization settings, which allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via crafted XML data. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-1283 and...
CVE-2016-4472
CVE-2016-4472 affects the Expat XML parser: overflow protections can be removed by compilers with certain optimizations, allowing remote attackers to cause a crash or potentially execute code via crafted XML. The entry notes this stems from an incomplete fix for CVE-2015-1283 and CVE-2015-2716. C...
RHEL 7 : ocaml (RHSA-2016:1296)
An update for ocaml is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the...
Complex Code Reuse Attacks: ROPMEMU
ROPMEMU is a framework to analyze, dissect and decompile complex code-reuse attacks. Talos has developed ROPMEMU, a framework to analyze, dissect and decompile complex code-reuse attacks. It adopts a set of different techniques to analyze ROP chains and reconstruct their equivalent code in a form...
expat2 -- denial of service
Adam Maris reports: It was found that original patch for issues CVE-2015-1283 and CVE-2015-2716 used overflow checks that could be optimized out by some compilers applying certain optimization settings, which can cause the vulnerability to remain even after applying the patch...
UBUNTU-CVE-2016-4472
The overflow protection in Expat is removed by compilers with certain optimization settings, which allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via crafted XML data. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-1283 and...
GNU gcc Integer Overflow Vulnerability
GNU gcc (GNU Compiler Collection) is an open source compiler for programming languages developed by the GNU Project. An integer overflow vulnerability exists in GNU gcc, which stems from inconsistent use of the long and int types for string/array lengths in the cp-demangle.c file. An attacker can...
GNU gcc Denial of Service Vulnerability (CNVD-2016-03013)
GNU gcc (GNU Compiler Collection) is an open source compiler for programming languages developed by the GNU Project. A security vulnerability exists in the libiberty demangler library of GNU gcc. An attacker could exploit the vulnerability to crash the host application...
DLA-463-1 ikiwiki - security update
Bulletin has no description...
GNU gcc memory misreference vulnerability (CNVD-2016-03093)
GNU gcc (GNU Compiler Collection) is an open source compiler for programming languages developed by the GNU Project. A memory misreference vulnerability exists in GNU gcc. An attacker can exploit the vulnerability to cause invalid writes with the help of the 'btypevec' parameter...
GNU gcc Denial of Service Vulnerability
GNU gcc (GNU Compiler Collection) is an open source compiler for programming languages developed by the GNU Project. A security vulnerability exists in the libiberty demangler library of GNU gcc. An attacker could exploit the vulnerability to read array index values in mangled strings, crashing the...
GNU gcc integer overflow vulnerability (CNVD-2016-03095)
GNU gcc (GNU Compiler Collection) is an open source compiler for programming languages developed by the GNU Project. An integer overflow vulnerability exists in GNU gcc, which arises from a program's failure to properly handle data of type signed int. An attacker could exploit this vulnerability to...
GNU gcc integer overflow vulnerability (CNVD-2016-03094)
GNU gcc (GNU Compiler Collection) is an open source compiler for programming languages developed by the GNU Project. An integer overflow vulnerability exists in the 'gnuspecial' method of GNU gcc. An attacker could exploit this vulnerability to cause an invalid write...
GNU gcc Stack Buffer Overflow Vulnerability
GNU gcc (GNU Compiler Collection) is an open source compiler for programming languages developed by the GNU Project. A stack buffer overflow vulnerability exists in the libiberty demangler library of GNU gcc. An attacker could exploit this vulnerability to crash the host application, causing stack...
GNU gcc Memory Misreference Vulnerability
GNU gcc (GNU Compiler Collection) is an open source compiler for programming languages developed by the GNU Project. A memory misreference vulnerability exists in GNU gcc. An attacker can exploit the vulnerability to cause invalid writes with the help of the 'ktypevec' parameter...