[SECURITY] [DLA 233-1] clamav security and upstream version update

Package : clamav Version : 0.98.7+dfsg-0+deb6u1 CVE ID : CVE-2014-9328 CVE-2015-1461 CVE-2015-1462 CVE-2015-1463 CVE-2015-2170 CVE-2015-2221 CVE-2015-2222 CVE-2015-2668 Upstream published version 0.98.7. This update updates sqeeze-lts to the latest upstream release in line with the approach used...

SUSE SLES11 Security Update : PHP5 (SUSE-SU-2014:0868-1)

PHP5 has been updated to fix two security vulnerabilities : - Heap-based buffer overflow in DNS TXT record parsing CVE-2014-4049 - NULL pointer dereference in GD XPM decoder CVE-2014-2497 Note that Tenable Network Security has extracted the preceding description block directly from the SUSE...

libvirt / qemu security vulnerabilities

Crash on PCI registers, IDE controller and Physical Region Descriptor Table decoder. Code execution...

netty: DoS via memory exhaustion during data aggregation

A flaw was found in the WebSocket08FrameDecoder implementation that could allow a remote attacker to trigger an Out Of Memory Exception by issuing a series of TextWebSocketFrame and ContinuationWebSocketFrames. Depending on the server configuration, this could lead to a denial of service...

Race condition

Race condition in the nsThreadManager::RegisterCurrentThread function in Mozilla Firefox before 38.0 allows remote attackers to execute arbitrary code or cause a denial of service use-after-free and heap memory corruption by leveraging improper Media Decoder Thread creation at the time of a...

CVE-2015-2715

Race condition in the nsThreadManager::RegisterCurrentThread function in Mozilla Firefox before 38.0 allows remote attackers to execute arbitrary code or cause a denial of service use-after-free and heap memory corruption by leveraging improper Media Decoder Thread creation at the time of a...

CVE-2015-2715

CVE-2015-2715 describes a race condition in Mozilla Firefox prior to 38.0 related to nsThreadManager::RegisterCurrentThread during shutdown when Media Decoder threads are created. This leads to use-after-free and heap memory corruption, enabling remote attackers to potentially execute arbitrary c...

SuSE 11.3 Security Update : kvm (SAT Patch Number 10645)

This update for KVM fixes an issue in the virtio-blk driver which could result in incorrectly setting its WCE configuration. Under some circumstances, this misconfiguration could cause severe file system corruption, because cache flushes were not generated as they ought to have been. The update...

firefox: multiple issues

CVE-2015-2708 Memory safety bugs fixed in Firefox ESR 31.7 and Firefox 38: Jesse Ruderman, Mats Palmgren, Byron Campen, and Steve Fink reported memory safety problems and crashes that affect Firefox ESR 31.6 and Firefox 37. - CVE-2015-2709 Memory safety bugs fixed in Firefox 38: Gary Kwong,...

Debian Security Advisory DSA 3259-1 (qemu - security update)

Several vulnerabilities were discovered in the qemu virtualisation solution: CVE-2014-9718 It was discovered that the IDE controller emulation is susceptible to denial of service. CVE-2015-1779 Daniel P. Berrange discovered a denial of service vulnerability in the VNC web socket decoder...

Debian DSA-3259-1 : qemu - security update (Venom)

Several vulnerabilities were discovered in the qemu virtualisation solution : - CVE-2014-9718 It was discovered that the IDE controller emulation is susceptible to denial of service. - CVE-2015-1779 Daniel P. Berrange discovered a denial of service vulnerability in the VNC web socket decoder. -...

UBUNTU-CVE-2015-2715

Race condition in the nsThreadManager::RegisterCurrentThread function in Mozilla Firefox before 38.0 allows remote attackers to execute arbitrary code or cause a denial of service use-after-free and heap memory corruption by leveraging improper Media Decoder Thread creation at the time of a...

Firefox < 38.0 Multiple Vulnerabilities

The version of Firefox installed on the remote Windows host is prior to 38.0. It is, therefore, affected by the following vulnerabilities : - A privilege escalation vulnerability exists in the Inter-process Communications IPC implementation due to a failure to validate the identity of a listener...

CVE-2015-2170

The upx decoder in ClamAV before 0.98.7 allows remote attackers to cause a denial of service crash via a crafted file...

DEBIAN-CVE-2015-2170

The upx decoder in ClamAV before 0.98.7 allows remote attackers to cause a denial of service crash via a crafted file...

Design/Logic Flaw

The upx decoder in ClamAV before 0.98.7 allows remote attackers to cause a denial of service crash via a crafted file...

CVE-2015-2170

The upx decoder in ClamAV before 0.98.7 allows remote attackers to cause a denial of service crash via a crafted file...

CVE-2015-2170

The upx decoder in ClamAV before 0.98.7 allows remote attackers to cause a denial of service crash via a crafted file...

CVE-2015-2170

The CVE-2015-2170 entry concerns ClamAV upx decoding: the upx decoder (upx.c) in ClamAV before 0.98.7 can crash the scanner (DoS) when processing crafted UPX-packed files. Connected advisories confirm a fixed version in ClamAV 0.98.7 and downstream updates. Affected products include ClamAV 0.98.7...

mozilla -- multiple vulnerabilities

The Mozilla Project reports: MFSA-2015-46 Miscellaneous memory safety hazards rv:38.0 / rv:31.7 MFSA-2015-47 Buffer overflow parsing H.264 video with Linux Gstreamer MFSA-2015-48 Buffer overflow with SVG content and CSS MFSA-2015-49 Referrer policy ignored when links opened by middle-click and...