
6103 matches found

OPENSUSE Linux
added 2019/04/12 12:0 a.m. | 231 views

Security update for libarchive (moderate)

openSUSE Security Update: Security update for libarchive Announcement ID: openSUSE-SU-2019:1196-1 Rating: moderate References: 1120653 1120654 1120656 1120659 1124341 1124342 Cross-References: CVE-2018-1000877 CVE-2018-1000878 CVE-2018-1000879 CVE-2018-1000880 CVE-2019-1000019 CVE-2019-1000020...

CVSS 8.8 | AI score 6.3 | EPSS 0.01801
Exploits 1 | References 6
0day.today
added 2019/04/09 12:0 a.m. | 27 views

Linux/x64 - XANAX Decoder Shellcode (127 bytes)

Linux/x64 - XANAX Decoder Shellcode 127 bytes ; Date: 08/04/2019 ; XANAX Decoder ; Author: Alan Vivona ; Description: Reverts the xor-add-not-add-xor sequence using the same 4 byte key and executes the encoded payload. ; Tested on: x86-x64 GNU/Linux global start section .text keys.xor1 equ 0x29...

AI score 0.5
Exploits 0
Carbon Black Blog
added 2019/04/05 5:22 p.m. | 165 views

CB TAU Threat Intelligence Notification: Hunting APT28 Downloaders

Recently the Carbon Black Threat Analysis Unit TAU analyzed the APT28 downloaders SedUploader and Zebrocy which has been observed over the previous six months. There have been several good publications regarding the code analysis of SedUploader and Zebrocy already 125679. Therefore, in this artic...

AI score 7.4
Exploits 0
BDU FSTEC
added 2019/04/04 12:0 a.m. | 1 views

The vulnerability of the Libarchive library for working with archives, related to memory management after deallocation, allows an attacker to trigger a service failure.

The vulnerability of the library for working with Libarchive archives libarchive/archivereadsupportformatrar.c is related to a bug in the RAR format decoder. Exploiting this vulnerability may allow an attacker to cause service interruptions...

CVSS 9.3 | AI score 6.5 | EPSS 0.0171
Exploits 0 | References 15 | Affected Software 6
BDU FSTEC
added 2019/04/04 12:0 a.m. | 0 views

The vulnerability of the Libarchive library for working with archives, related to double memory release, allows a perpetrator to trigger a service failure.

The vulnerability of the library for working with Libarchive archives libarchive/archivereadsupportformatrar.c is related to an error in the RAR format decoder, which causes resources in memory to be re-allocated. Exploiting this vulnerability could allow a remote attacker to cause service...

CVSS 8.8 | AI score 6.4 | EPSS 0.01775
Exploits 0 | References 16 | Affected Software 7
ossfuzz
added 2019/04/02 3:2 p.m. | 16 views

openh264/decoder_fuzzer: Heap-use-after-free in WelsDec::WelsReorderRefList

Project: https://github.com/cisco/openh264.git Detailed report: https://oss-fuzz.com/testcase?key=5190290674024448 Project: openh264 Fuzzer: libFuzzeropenh264decoderfuzzer Fuzz target binary: decoderfuzzer Job Type: libfuzzerasanopenh264 Platform Id: linux Crash Type: Heap-use-after-free READ 4...

AI score 6.8
Exploits 0 | Affected Software 1
Tenable Nessus
added 2019/04/02 12:0 a.m. | 33 views

SUSE SLED15 / SLES15 Security Update : libarchive (SUSE-SU-2019:0831-1)

This update for libarchive fixes the following issues : Security issues fixed : CVE-2018-1000877: Fixed a double free vulnerability in RAR decoder bsc1120653 CVE-2018-1000878: Fixed a Use-After-Free vulnerability in RAR decoder bsc1120654 CVE-2018-1000879: Fixed a NULL pointer Dereference...

CVSS 8.8 | AI score 6.3 | EPSS 0.01801
Exploits 1 | References 19
OSV
added 2019/04/01 11:58 a.m. | 4 views

SUSE-SU-2019:0831-1 Security update for libarchive

This update for libarchive fixes the following issues: Security issues fixed: - CVE-2018-1000877: Fixed a double free vulnerability in RAR decoder bsc1120653 - CVE-2018-1000878: Fixed a Use-After-Free vulnerability in RAR decoder bsc1120654 - CVE-2018-1000879: Fixed a NULL Pointer Dereference...

CVSS 8.8 | AI score 7.5 | EPSS 0.01801
Exploits 1 | References 13
Packet Storm
added 2019/03/29 12:0 a.m. | 36 views

Base64 Decoder 1.1.2 Buffer Overflow

!/usr/bin/env python Exploit Title: Base64 Decoder 1.1.2 Local Buffer Overflow SEH + Egghunter Date: 28.03.2019 Exploit Author: Paolo Perego - [email protected] Vendor Homepage: http://4mhz.de/b64dec.html Software Link: http://4mhz.de/download.php?file=b64dec-1-1-2.zip Version: Base64 Decoder...

AI score 0.6
Exploits 0
0day.today
added 2019/03/28 12:0 a.m. | 98 views

Base64 Decoder 1.1.2 - Local Buffer Overflow (SEH Egghunter) Exploit

Exploit for windows platform in category local exploits !/usr/bin/env python Exploit Title: Base64 Decoder 1.1.2 Local Buffer Overflow SEH + Egghunter Date: 28.03.2019 Exploit Author: Paolo Perego - email protected Vendor Homepage: http://4mhz.de/b64dec.html Software Link:...

AI score 7.2
Exploits 0
exploitpack
added 2019/03/28 12:0 a.m. | 25 views

Base64 Decoder 1.1.2 - Local Buffer Overflow (SEH Egghunter)

Base64 Decoder 1.1.2 - Local Buffer Overflow SEH Egghunter !/usr/bin/env python Exploit Title: Base64 Decoder 1.1.2 Local Buffer Overflow SEH + Egghunter Date: 28.03.2019 Exploit Author: Paolo Perego - [email protected] Vendor Homepage: http://4mhz.de/b64dec.html Software Link:...

AI score 0.3
Exploits 0
Exploit DB
added 2019/03/28 12:0 a.m. | 40 views

Base64 Decoder 1.1.2 - Local Buffer Overflow (SEH Egghunter)

!/usr/bin/env python Exploit Title: Base64 Decoder 1.1.2 Local Buffer Overflow SEH + Egghunter Date: 28.03.2019 Exploit Author: Paolo Perego - [email protected] Vendor Homepage: http://4mhz.de/b64dec.html Software Link: http://4mhz.de/download.php?file=b64dec-1-1-2.zip Version: Base64 Decoder...

AI score 7
Exploits 0
Tenable Nessus
added 2019/03/26 12:0 a.m. | 35 views

EulerOS 2.0 SP3 : libarchive (EulerOS-SA-2019-1094)

According to the versions of the libarchive package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - libarchive version commit 416694915449219d505531b1096384f3237dd6cc onwards release v3.1.0 onwards contains a CWE-415: Double Free vulnerabili...

CVSS 8.8 | AI score 6.3 | EPSS 0.01775
Exploits 0 | References 3
OSV
added 2019/03/23 10:57 a.m. | 4 views

OPENSUSE-SU-2019:0166-1 Security update for haproxy

This update for haproxy version 1.8.17 fixes the following issues: Security issues fixed: - CVE-2018-20615: Fixed a denial of service, triggered by mishandling the priority flag on short HEADERS frame in the HTTP/2 decoder bsc1121283 This update was imported from the SUSE:SLE-15:Update update...

CVSS 7.5 | AI score 7.6 | EPSS 0.00143
Exploits 0 | References 3
OSV
added 2019/03/21 4:0 p.m. | 1 views

DEBIAN-CVE-2018-20615

An out-of-bounds read issue was discovered in the HTTP/2 protocol decoder in HAProxy 1.8.x and 1.9.x through 1.9.0 which can result in a crash. The processing of the PRIORITY flag in a HEADERS frame requires 5 extra bytes, and while these bytes are skipped, the total frame length was not re-check...

CVSS 7.5 | AI score 6.2 | EPSS 0.00143
Exploits 0 | References 1
Cvelist
added 2019/03/18 4:11 p.m. | 18 views

CVE-2018-20615

An out-of-bounds read issue was discovered in the HTTP/2 protocol decoder in HAProxy 1.8.x and 1.9.x through 1.9.0 which can result in a crash. The processing of the PRIORITY flag in a HEADERS frame requires 5 extra bytes, and while these bytes are skipped, the total frame length was not re-check...

AI score 7.4 | EPSS 0.00143
Exploits 0 | References 6
Tenable Nessus
added 2019/03/15 12:0 a.m. | 39 views

RHEL 7 : OpenShift Container Platform 3.9 haproxy (RHSA-2019:0547)

The remote Redhat Enterprise Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2019:0547 advisory. The haproxy packages provide a reliable, high-performance network load balancer for TCP and HTTP-based applications. Security fixes: haproxy...

CVSS 7.5 | AI score 6.6 | EPSS 0.00143
Exploits 0 | References 6
Tenable Nessus
added 2019/03/15 12:0 a.m. | 39 views

RHEL 7 : OpenShift Container Platform 3.10 haproxy (RHSA-2019:0548)

The remote Redhat Enterprise Linux 7 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2019:0548 advisory. The haproxy packages provide a reliable, high-performance network load balancer for TCP and HTTP-based applications. Security fixes: haproxy:...

CVSS 7.5 | AI score 6.5 | EPSS 0.00143
Exploits 0 | References 5
RedHat Linux
added 2019/03/14 7:58 a.m. | 92 views

Moderate: Red Hat Security Advisory: OpenShift Container Platform 3.9 haproxy security update

An update for haproxy is now available for Red Hat OpenShift Container Platform 3.9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

CVSS 7.5 | AI score 6.6 | EPSS 0.00143
Exploits 0 | References 2
OSV
added 2019/03/12 9:29 a.m. | 26 views

CVE-2019-9718

In FFmpeg 3.2 and 4.1, a denial of service in the subtitle decoder allows attackers to hog the CPU via a crafted video file in Matroska format, because ffhtmlmarkuptoass in libavcodec/htmlsubtitles.c has a complex format argument to sscanf...

CVSS 6.5 | AI score 6.4
Exploits 0 | References 6