
4666 matches found

OPENSUSE Linux
added 2016/04/17 5:11 p.m. | 33 views

Security update for mercurial (important)

mercurial was updated to fix three security issues. These security issues were fixed: - CVE-2016-3069: Arbitrary code execution when converting Git repos bsc973176. - CVE-2016-3068: Arbitrary code execution with Git subrepos bsc973177. - CVE-2016-3630: Remote code execution in binary delta decodi...

CVSS 6.8 | AI score 2.7 | EPSS 0.05192
Exploits: 0 | References: 3
Fedora
added 2016/04/15 3:22 a.m. | 12 views

[SECURITY] Fedora 24 Update: libtasn1-4.8-1.fc24

A library that provides Abstract Syntax Notation One (ASN.1, as specified by the X.680 ITU-T recommendation) parsing and structures management, and Distinguished Encoding Rules (DER, as per X.690) encoding and decoding functions...

CVSS 5.9 | AI score 3.5 | EPSS 0.0429
Exploits: 0
UbuntuCve
added 2016/04/14 12:0 a.m. | 19 views

CVE-2016-4008

The _asn1_extract_der_octet function in lib/decoding.c in GNU Libtasn1 before 4.8, when used without the ASN1_DECODE_FLAG_STRICT_DER flag, allows remote attackers to cause a denial of service (infinite recursion) via a crafted certificate...

CVSS 5.9 | AI score 6.6 | EPSS 0.0429
Exploits: 0 | References: 4
OSV
added 2016/04/13 3:59 p.m. | 1 views

DEBIAN-CVE-2015-8553

Xen allows guest OS users to obtain sensitive information from uninitialized locations in host OS kernel memory by not enabling memory and I/O decoding control bits. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-0777...

CVSS 6.5 | AI score 7.8 | EPSS 0.00273
Exploits: 0 | References: 1
Prion
added 2016/04/13 3:59 p.m. | 19 views

Memory corruption

Xen allows guest OS users to obtain sensitive information from uninitialized locations in host OS kernel memory by not enabling memory and I/O decoding control bits. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-0777...

CVSS 2.1 | AI score 6.3 | EPSS 0.00273
Exploits: 0 | References: 3 | Affected Software: 1
OSV
added 2016/04/13 3:59 p.m. | 0 views

UBUNTU-CVE-2015-8553

Xen allows guest OS users to obtain sensitive information from uninitialized locations in host OS kernel memory by not enabling memory and I/O decoding control bits. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-0777...

CVSS 6.5 | AI score 6.8 | EPSS 0.00273
Exploits: 0 | References: 4
UbuntuCve
added 2016/04/13 3:59 p.m. | 35 views

CVE-2015-8553

Xen allows guest OS users to obtain sensitive information from uninitialized locations in host OS kernel memory by not enabling memory and I/O decoding control bits. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-0777...

CVSS 6.5 | AI score 6.8 | EPSS 0.00273
Exploits: 0 | References: 3
CVE
added 2016/04/13 3:0 p.m. | 127 views

CVE-2015-8553

CVE-2015-8553 is referenced in multiple connected Nessus entries as a Xen/Linux kernel memory-information disclosure vulnerability. The description stored with the CVE notes that guest OS users can obtain sensitive information from uninitialized host kernel memory because memory and I/O decoding ...

CVSS 6.5 | AI score 6.3 | EPSS 0.00273
Exploits: 0 | References: 3 | Affected Software: 1
Vulnrichment
added 2016/04/13 3:0 p.m. | 2 views

CVE-2015-8553

Xen allows guest OS users to obtain sensitive information from uninitialized locations in host OS kernel memory by not enabling memory and I/O decoding control bits. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-0777...

AI score 6.7 | EPSS 0.00273
Exploits: 0 | References: 3
Cvelist
added 2016/04/13 3:0 p.m. | 26 views

CVE-2015-8553

Xen allows guest OS users to obtain sensitive information from uninitialized locations in host OS kernel memory by not enabling memory and I/O decoding control bits. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-0777...

AI score 5.4 | EPSS 0.00273
Exploits: 0 | References: 3
OpenVAS
added 2016/04/13 12:0 a.m. | 26 views

openSUSE: Security Advisory for mercurial (openSUSE-SU-2016:1016-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 8.8 | AI score 7 | EPSS 0.05192
Exploits: 0 | References: 1
Google Chrome Security Advisories
added 2016/04/13 12:0 a.m. | 37 views

Stable Channel Update

The Chrome team is delighted to announce the promotion of Chrome 50 to the stable channel for Windows, Mac and Linux. Chrome 50.0.2661.75 contains a number of fixes and improvements -- a list of changes is available in the log. Watch out for upcoming Chrome and Chromium blog posts about new...

CVSS 10 | AI score 7.1 | EPSS 0.0306
Exploits: 0 | Affected Software: 1
OPENSUSE Linux
added 2016/04/12 7:8 p.m. | 25 views

Security update for mercurial (important)

mercurial was updated to fix three security issues. These security issues were fixed: - CVE-2016-3069: Arbitrary code execution when converting Git repos bsc973176. - CVE-2016-3068: Arbitrary code execution with Git subrepos bsc973177. - CVE-2016-3630: Remote code execution in binary delta decodi...

CVSS 6.8 | AI score 2.7 | EPSS 0.05192
Exploits: 0 | References: 3
FreeBSD
added 2016/04/11 12:0 a.m. | 24 views

libtasn1 -- denial of service parsing malicious DER certificates

GNU Libtasn1 NEWS reports: Fixes to avoid an infinite recursion when decoding without the ASN1_DECODE_FLAG_STRICT_DER flag. Reported by Pascal Cuoq...

CVSS 5.9 | AI score 3.7 | EPSS 0.0429
Exploits: 0 | References: 2
CNVD
added 2016/04/06 12:0 a.m. | 1 views

Lhasa Integer Overflow Vulnerability

Lhasa is a freeware alternative to the LHA compression program for Unix, developed by software developer Simon Howard. The program is capable of decompressing .lzh and .lzs files. An integer overflow vulnerability exists in the 'decode_level3_header' function in Lhasa's lib\lha_file_header.c file,...

CVSS 7.8 | AI score 7.9 | EPSS 0.00417
Exploits: 1 | References: 1
OSV
added 2016/03/12 9:59 p.m. | 1 views

UBUNTU-CVE-2016-0816

mediaserver in Android 6.x before 2016-03-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, related to decoder/ih264d_parse_islice.c and decoder/ih264d_parse_pslice.c, aka internal bug 25928803...

CVSS 9.8 | AI score 7.7 | EPSS 0.02229
Exploits: 0 | References: 3
OSV
added 2016/02/12 5:59 a.m. | 0 views

ALPINE-CVE-2016-2329

libavcodec/tiff.c in FFmpeg before 2.8.6 does not properly validate RowsPerStrip values and YCbCr chrominance subsampling factors, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via a crafted TIFF file, related to th...

CVSS 8.8 | AI score 7.5 | EPSS 0.0116
Exploits: 0 | References: 1
OSV
added 2016/02/12 5:59 a.m. | 1 views

UBUNTU-CVE-2016-2329

libavcodec/tiff.c in FFmpeg before 2.8.6 does not properly validate RowsPerStrip values and YCbCr chrominance subsampling factors, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via a crafted TIFF file, related to th...

CVSS 8.8 | AI score 7.4 | EPSS 0.0116
Exploits: 0 | References: 2
Tenable Nessus
added 2016/02/10 12:0 a.m. | 31 views

FreeBSD : py-imaging, py-pillow -- Buffer overflow in FLI decoding code (6ea60e00-cf13-11e5-805c-5453ed2e2b49)

The Pillow maintainers report : In all versions of Pillow, dating back at least to the last PIL 1.1.7 release, FliDecode.c has a buffer overflow error. There is a memcpy error where x is added to a target buffer address. X is used in several internal temporary variable roles, but can take a value...

CVSS 6.5 | AI score 7.1 | EPSS 0.01069
Exploits: 0 | References: 3
OSV
added 2016/02/05 5:26 p.m. | 15 views

MGASA-2016-0048 Updated java-1.8.0-openjdk/copy-jdk-configs/lua-lunit/lua-posix packages fix security vulnerability

An out-of-bounds write flaw was found in the JPEG image format decoder in the AWT component in OpenJDK. A specially crafted JPEG image could cause a Java application to crash or, possibly execute arbitrary code. An untrusted Java application or applet could use this flaw to bypass Java sandbox...

CVSS 10 | AI score 7.1 | EPSS 0.09896
Exploits: 0 | References: 4