Apache HTTP Server Format String Remote Code Execution

A remote code execution vulnerability has been reported in Apache HTTP servers. The vulnerability is due to the failure of the application in verifying string arguments that are passed to a formatting function. A remote attacker can exploit this vulnerability to inject and execute arbitrary code...

[ExifTool] Read, Writing Meta Information Tools

ExifTool is a platform-independent Perl library plus a command-line application for reading, writing and editing meta information in a wide variety of files. ExifTool supports many different metadata formats including EXIF, GPS, IPTC, XMP, JFIF, GeoTIFF, ICC Profile, Photoshop IRB, FlashPix, AFCP...

auto-format of Curl responses may lead to code execution

When executing a cURL request using the RequestCurl class with an unvalidated URL provided by user input, or a request to a malicious or a legitimate but hacked website, a specially crafted response can lead to auto-execution of malicious code, due to the way the auto formatting mechanism works...

pacemaker security, bug fix, and enhancement update

1.1.10-14 - Log: crmd: Supply arguments in the correct order Resolves: rhbz996850 - Fix: Invalid formatting of log message causes crash Resolves: rhbz996850 1.1.10-13 - Fix: cman: Start clvmd and friends from the init script if enabled 1.1.10-12 - Fix: Consistently use 'Slave' as the role for...

Fedora 19 : nas-1.9.3-7.fc19 (2013-17036)

This release fixes four security bugs: buffer overflow when parsing display number CVE-2013-4256, heap overflow when processing AUDIOHOST variable CVE-2013-4257, formatting string for syslog call CVE-2013-4258, and a race when opening a TCP device. Note that Tenable Network Security has extracted...

Fedora 20 : nas-1.9.3-9.fc20 (2013-16936)

This release fixes four security bugs: buffer overflow when parsing display number CVE-2013-4256, heap overflow when processing AUDIOHOST variable CVE-2013-4257, formatting string for syslog call CVE-2013-4258, and a race when opening a TCP device. Note that Tenable Network Security has extracted...

Mailbox iPhone app vulnerability executes any Javascript from HTML mail body

Italian Researcher Michele Spagnuolo recently revealed a serious vulnerability in the popular Mailbox iPhone app. Mailbox is a tidy iOS the email app recently purchased by Dropbox, has a pretty wide-open hole that could allow bad actors to hijack your device. The flaw occurs in the latest version...

Updated python-OpenSSL package fixes security vulnerability

The string formatting of subjectAltName X509Extension instances in pyOpenSSL before 0.13.1 incorrectly truncated fields of the name when encountering a null byte, possibly allowing man-in-the-middle attacks through certificate spoofing CVE-2013-4314...

[SECURITY] Fedora 17 Update: kfloppy-4.10.5-1.fc17

KFloppy is a utility that provides a straightforward graphical means to format 3.5" and 5.25" floppy disks...

Microsoft Internet Explorer SmartDispClient Type Confusion Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

[SECURITY] Fedora 18 Update: kfloppy-4.10.4-1.fc18

KFloppy is a utility that provides a straightforward graphical means to format 3.5" and 5.25" floppy disks...

[SECURITY] Fedora 19 Update: kfloppy-4.10.4-1.fc19

KFloppy is a utility that provides a straightforward graphical means to format 3.5" and 5.25" floppy disks...

pki-tps: Temporary denial of service on interrupted token format operations

The token processing system pki-tps in Red Hat Certificate System RHCS before 8.1.3 does not properly handle interruptions of token format operations, which allows remote attackers to cause a denial of service NULL pointer dereference and Apache httpd web server child process crash via unspecifie...

Fedora Update for groff FEDORA-2012-8577

Check for the Version of groff OpenVAS Vulnerability Test Fedora Update for groff FEDORA-2012-8577 Authors: System Generated Check Copyright: Copyright c 2012 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the terms ...

Scientific Linux Security Update : glibc on SL6.x i386/x86_64 (20120718)

The glibc packages provide the standard C and standard math libraries used by multiple programs on the system. Without these libraries, the Linux system cannot function properly. Multiple errors in glibc's formatted printing functionality could allow an attacker to bypass FORTIFYSOURCE protection...

DEBIAN-CVE-2011-4957

The makeclickable function in wp-includes/formatting.php in WordPress before 3.1.1 does not properly check URLs before passing them to the PCRE library, which allows remote attackers to cause a denial of service crash via a comment with a crafted URL that triggers many recursive calls...

Fedora Update for groff FEDORA-2012-8596

Check for the Version of groff OpenVAS Vulnerability Test Fedora Update for groff FEDORA-2012-8596 Authors: System Generated Check Copyright: Copyright c 2012 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the terms ...

Fedora Update for groff FEDORA-2012-8590

Check for the Version of groff OpenVAS Vulnerability Test Fedora Update for groff FEDORA-2012-8590 Authors: System Generated Check Copyright: Copyright c 2012 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the terms ...

[SECURITY] Fedora 17 Update: groff-1.21-9.fc17

Groff is a document formatting system. Groff takes standard text and formatting commands as input and produces formatted output. The created documents can be shown on a display or printed on a printer. Groff's formatting commands allow you to specify font type and size, bold type, italic type, th...

[SECURITY] Fedora 16 Update: groff-1.21-4.fc16

Groff is a document formatting system. Groff takes standard text and formatting commands as input and produces formatted output. The created documents can be shown on a display or printed on a printer. Groff's formatting commands allow you to specify font type and size, bold type, italic type, th...