5955 matches found

Tenable Nessus
added 2016/05/03 12:0 a.m. · 29 views

Debian DSA-3565-1 : botan1.10 - security update

Several security vulnerabilities were found in botan1.10, a C++ library which provides support for many common cryptographic operations, including encryption, authentication, X.509v3 certificates and CRLs. - CVE-2015-5726 The BER decoder would crash due to reading from offset 0 of an empty vector...

CVSS 10 · AI score 7.8 · EPSS 0.10565
Exploits 0 · References 16

Debian
added 2016/05/02 1:2 p.m. · 28 views

[SECURITY] [DSA 3565-1] botan1.10 security update

Debian Security Advisory DSA-3565-1 [email protected] https://www.debian.org/security/ Sebastien Delafond May 02, 2016 https://www.debian.org/security/faq ...

CVSS 10 · AI score 0.5 · EPSS 0.10565
Exploits 0

OSV
added 2016/05/02 12:0 a.m. · 20 views

DSA-3565-1 botan1.10 - security update

Bulletin has no description...

CVSS 10 · AI score 7.6 · EPSS 0.10565
Exploits 0

OpenVAS
added 2016/05/02 12:0 a.m. · 24 views

Debian Security Advisory DSA 3565-1 (botan1.10 - security update)

Several security vulnerabilities were found in botan1.10, a C++ library which provides support for many common cryptographic operations, including encryption, authentication, X.509v3 certificates and CRLs. CVE-2015-5726 The BER decoder would crash due to reading from offset 0 of an empty vector i...

CVSS 10 · AI score 8.2 · EPSS 0.10565
Exploits 0 · References 1

Debian
added 2016/04/30 11:48 a.m. · 26 views

[SECURITY] [DLA 449-1] botan1.10 security update

Package : botan1.10 Version : 1.10.5-1+deb7u1 CVE ID : CVE-2014-9742 CVE-2015-5726 CVE-2015-5727 CVE-2015-7827 CVE-2016-2194 CVE-2016-2195 CVE-2016-2849 Several security vulnerabilities were found in botan1.10, a C++ library which provides support for many common cryptographic operations, includi...

CVSS 10 · AI score 8.8 · EPSS 0.10565
Exploits 0

Positive Technologies
added 2016/04/29 12:0 a.m. · 2 views

PT-2016-5899 · Kde +2 · Libksba +2

Name of the Vulnerable Software and Affected Versions: Libksba versions prior to 1.3.3. Description: The issue arises from improper handling of decoder stack overflows in the ber-decoder.c file, allowing remote attackers to cause a denial of service (abort) by sending crafted BER data...

CVSS 7.5 · AI score 7.6 · EPSS 0.01327
Exploits 0 · References 27

UbuntuCve
added 2016/04/29 12:0 a.m. · 20 views

CVE-2016-4353

ber-decoder.c in Libksba before 1.3.3 does not properly handle decoder stack overflows, which allows remote attackers to cause a denial of service (abort) via crafted BER data...

CVSS 7.5 · AI score 7.1 · EPSS 0.01078
Exploits 0 · References 4

Positive Technologies
added 2016/04/29 12:0 a.m. · 2 views

PT-2016-5900 · Kde +2 · Libksba +2

Name of the Vulnerable Software and Affected Versions: Libksba versions prior to 1.3.3. Description: The issue is caused by an incorrect integer data type used in the ber-decoder.c file, which allows remote attackers to cause a denial of service (crash) via crafted BER data. This leads to a buffer...

CVSS 7.5 · AI score 7.6 · EPSS 0.01327
Exploits 0 · References 27

Positive Technologies
added 2016/04/29 12:0 a.m. · 1 views

PT-2016-5901 · Kde +2 · Libksba +2

Name of the Vulnerable Software and Affected Versions: Libksba versions prior to 1.3.3. Description: The issue is caused by multiple integer overflows in the ber-decoder.c file, allowing remote attackers to cause a denial of service (crash) via crafted BER data. This leads to a buffer overflow...

CVSS 7.5 · AI score 7.6 · EPSS 0.01327
Exploits 0 · References 27

UbuntuCve
added 2016/04/29 12:0 a.m. · 27 views

CVE-2016-4356

The appendutf8value function in the DN decoder (dn.c) in Libksba before 1.3.3 allows remote attackers to cause a denial of service (out-of-bounds read) by clearing the high bit of the byte after invalid utf-8 encoded data...

CVSS 7.5 · AI score 7.1 · EPSS 0.0109
Exploits 0 · References 4

OSV
added 2016/04/29 12:0 a.m. · 1 views

UBUNTU-CVE-2016-4355

Multiple integer overflows in ber-decoder.c in Libksba before 1.3.3 allow remote attackers to cause a denial of service (crash) via crafted BER data, which leads to a buffer overflow...

CVSS 7.5 · AI score 7.5 · EPSS 0.00834
Exploits 0 · References 5

OSV
added 2016/04/29 12:0 a.m. · 0 views

UBUNTU-CVE-2016-4353

ber-decoder.c in Libksba before 1.3.3 does not properly handle decoder stack overflows, which allows remote attackers to cause a denial of service (abort) via crafted BER data...

CVSS 7.5 · AI score 7.1 · EPSS 0.01078
Exploits 0 · References 5

Tenable Nessus
added 2016/04/21 12:0 a.m. · 41 views

Oracle iPlanet Web Proxy Server 4.0.x < 4.0.27 NSS ASN.1 Decoder RCE (April 2016 CPU)

According to its self-reported version, the Oracle iPlanet Web Proxy Server (formerly known as Sun Java System Web Proxy Server) installed on the remote host is version 4.0.x prior to 4.0.27. It is, therefore, affected by a heap buffer overflow condition in the ASN.1 decoder in the Network Security...

CVSS 9.8 · AI score 8.9 · EPSS 0.11044
Exploits 0 · References 3

NVD
added 2016/04/18 12:59 a.m. · 24 views

CVE-2016-0842

The H.264 decoder in libstagefright in Android 6.x before 2016-04-01 mishandles Memory Management Control Operation (MMCO) data, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 25818142...

CVSS 10 · AI score 8.5 · EPSS 0.00791
Exploits 0 · References 2

OSV
added 2016/04/18 12:59 a.m. · 0 views

CVE-2016-0836

Stack-based buffer overflow in decoder/impeg2dvld.c in mediaserver in Android 6.x before 2016-04-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 25812590...

CVSS 7.8 · AI score 7.9
Exploits 0 · References 2

Prion
added 2016/04/18 12:59 a.m. · 16 views

Memory corruption

The H.264 decoder in libstagefright in Android 6.x before 2016-04-01 mishandles Memory Management Control Operation (MMCO) data, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 25818142...

CVSS 10 · AI score 8.2 · EPSS 0.00791
Exploits 0 · References 2 · Affected Software 1

UbuntuCve
added 2016/04/18 12:59 a.m. · 19 views

CVE-2016-0842

The H.264 decoder in libstagefright in Android 6.x before 2016-04-01 mishandles Memory Management Control Operation (MMCO) data, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 25818142...

CVSS 10 · AI score 7.5 · EPSS 0.00791
Exploits 0 · References 3

UbuntuCve
added 2016/04/18 12:59 a.m. · 21 views

CVE-2016-0840

Multiple stack-based buffer underflows in decoder/ih264dparsecavlc.c in mediaserver in Android 6.x before 2016-04-01 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 26399350...

CVSS 10 · AI score 7.7 · EPSS 0.00791
Exploits 0 · References 3

Cvelist
added 2016/04/18 12:0 a.m. · 17 views

CVE-2016-0842

The H.264 decoder in libstagefright in Android 6.x before 2016-04-01 mishandles Memory Management Control Operation (MMCO) data, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 25818142...

AI score 8.2 · EPSS 0.00791
Exploits 0 · References 2

CNVD
added 2016/04/16 12:0 a.m. · 1 views

Apache Struts Oracle JRE Cross-Site Scripting Vulnerability

Apache Struts is an open source framework from the United States for creating enterprise Java Web applications. Oracle JRE is a set of environments for running Java applications. A cross-site scripting vulnerability exists in the 'URLDecoder' function of the Oracle JRE used by Apache Struts, which allo...

CVSS 6.1 · AI score 7.5 · EPSS 0.02629
Exploits 0 · References 1