USN-2290-1 linux vulnerabilities

Sasha Levin reported a flaw in the Linux kernel's point-to-point protocol PPP when used with the Layer Two Tunneling Protocol L2TP. A local user could exploit this flaw to gain administrative privileges. CVE-2014-4943 Salva Peiró discovered an information leak in the Linux kernel's media- device...

USN-2290-1: Linux kernel vulnerabilities

Sasha Levin reported a flaw in the Linux kernel's point-to-point protocol PPP when used with the Layer Two Tunneling Protocol L2TP. A local user could exploit this flaw to gain administrative privileges. CVE-2014-4943 Salva Peiró discovered an information leak in the Linux kernel's media- device...

USN-2288-1: Linux kernel (Trusty HWE) vulnerabilities

Sasha Levin reported a flaw in the Linux kernel's point-to-point protocol PPP when used with the Layer Two Tunneling Protocol L2TP. A local user could exploit this flaw to gain administrative privileges. CVE-2014-4943 Salva Peiró discovered an information leak in the Linux kernel's media- device...

Ubuntu 12.04 LTS : linux-lts-saucy vulnerabilities (USN-2287-1)

Sasha Levin reported a flaw in the Linux kernel's point-to-point protocol PPP when used with the Layer Two Tunneling Protocol L2TP. A local user could exploit this flaw to gain administrative privileges. CVE-2014-4943 Michael S. Tsirkin discovered an information leak in the Linux kernel's...

Ubuntu 12.04 LTS : linux-lts-trusty vulnerabilities (USN-2288-1)

Sasha Levin reported a flaw in the Linux kernel's point-to-point protocol PPP when used with the Layer Two Tunneling Protocol L2TP. A local user could exploit this flaw to gain administrative privileges. CVE-2014-4943 Salva Peiro discovered an information leak in the Linux kernel's media- device...

Ubuntu 13.10 : linux vulnerabilities (USN-2289-1)

Sasha Levin reported a flaw in the Linux kernel's point-to-point protocol PPP when used with the Layer Two Tunneling Protocol L2TP. A local user could exploit this flaw to gain administrative privileges. CVE-2014-4943 Michael S. Tsirkin discovered an information leak in the Linux kernel's...

lzo: lzo1x_decompress_safe() integer overflow

An integer overflow flaw was found in the way the lzo library decompressed certain archives compressed with the LZO algorithm. An attacker could create a specially crafted LZO-compressed input that, when decompressed by an application using the lzo library, would cause that application to crash o...

Updated ffmpeg packages fix security vulnerabilities

A use-after-free vulnerability in FFmpeg before 1.1.9 involving seek operations on video data could allow remote attackers to cause a denial of service CVE-2012-5150. The takdecodeframe function in libavcodec/takdec.c in FFmpeg before 1.1.9 does not properly validate a certain bits-per-sample...

MGASA-2014-0281 Updated ffmpeg packages fix security vulnerabilities

A use-after-free vulnerability in FFmpeg before 1.1.9 involving seek operations on video data could allow remote attackers to cause a denial of service CVE-2012-5150. The takdecodeframe function in libavcodec/takdec.c in FFmpeg before 1.1.9 does not properly validate a certain bits-per-sample...

Updated ffmpeg packages fix security vulnerabilities

The takdecodeframe function in libavcodec/takdec.c in FFmpeg before 2.0.4 does not properly validate a certain bits-per-sample value, which allows remote attackers to cause a denial of service out-of-bounds array access or possibly have unspecified other impact via crafted TAK aka Tom's lossless...

CVE-2014-4608

Multiple integer overflows in the lzo1xdecompresssafe function in lib/lzo/lzo1xdecompresssafe.c in the LZO decompressor in the Linux kernel before 3.15.2 allow context-dependent attackers to cause a denial of service memory corruption via a crafted Literal Run. NOTE: the author of the LZO...

[SECURITY] Fedora 20 Update: lzo-2.08-1.fc20

LZO is a portable lossless data compression library written in ANSI C. It offers pretty fast compression and very fast decompression. Decompression requires no memory. In addition there are slower compression levels achieving a quite competitive compression ratio while still decompressing at this...

IrfanView FlashPix PlugIn Decompression Heap Overflow

No description provided by source. Application: IrfanView FlashPix PlugIn Decompression Heap Overflow Platforms: Windows Secunia Number: SA48772 PRL: 2012-08 Author: Francis Provencher Protek Research Lab's Website: http://www.protekresearchlab.com/ Twitter: @ProtekResearch 1 Introduction 2...

Microsoft Reader <= 2.1.1.3143 Heap Overflow

No description provided by source. Source: http://aluigi.org/adv/msreader2-adv.txt Luigi Auriemma Application: Microsoft Reader http://www.microsoft.com/reader Versions: = 2.1.1.3143 PC version = 2.6.1.7169 Origami version the non-PC versions have not been tested Platforms: Windows, Windows Mobil...

Internet Bug Bounty: LZ4 Core

Lab Mouse Security Report LMS-2014-06-16-6 Report ID: LMS-2014-06-16-6 CVE ID: CVE-2014-4611 Researcher Name: Don A. Bailey Researcher Organization: Lab Mouse Security Researcher Email: donb at securitymouse.com Researcher Website: www.securitymouse.com Vulnerability Status: Reported / No respons...

GnuPG DoS

Infinite loop in decompression...

openSUSE Security Update : gwenview (openSUSE-SU-2010:0691-1)

This update fixes a heap-based overflow in okular. The RLE decompression in the TranscribePalmImageToJPEG function can be exploited to execute arbitrary code with user privileges by providing a crafted PDF file. CVE-2010-2575. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive...

openSUSE Security Update : python3 (openSUSE-SU-2014:0498-1)

Python was updated to 3.3.5 fixing bugs and security issues : - bugfix-only release, closes several security bugs - CVE-2013-1752 bnc856836 - DoS flaws with unbounded reads from network - disable SSLv2 by default - DoS on maliciously crafted zip files CVE-2013-7338, bnc869222 -...

openSUSE Security Update : python (openSUSE-SU-2014:0380-1)

Python was updated to 2.7.6 to fix bugs and security issues : - bugfix-only release - SSL-related fixes - upstream fix for CVE-2013-4238 - upstream fixes for CVE-2013-1752 - added patches for CVE-2013-1752 bnc856836 issues that are missing in 2.7.6: python-2.7.6-imaplib.patch...

CVE-2014-2133

Buffer overflow in Cisco Advanced Recording Format ARF player T27 LD before SP32 EP16, T28 before T28.12, and T29 before T29.2 allows remote attackers to execute arbitrary code or cause a denial of service memory corruption and application crash via a crafted .arf file that triggers improper LZW...