[SECURITY] [DLA 72-1] rsylog security update

Package : rsylog Version : 4.6.4-2+deb6u1 CVE ID : CVE-2014-3634 CVE-2014-3683 CVE-2014-3634 Fix remote syslog vulnerability due to improper handling of invalid PRI values. CVE-2014-3683 Followup fix for CVE-2014-3634. The initial patch was incomplete. It did not cover cases where PRI values MAXI...

DLA-63-1 bash - security update

Bulletin has no description...

[oss-security] Re: CVE-2014-6271: remote code execution through bash

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 MITRE is currently using CVE-2014-7169 to track the report of the incomplete patch, i.e., incorrect function parsing that's present in builds that are up-to-date with the http://ftp.gnu.org/gnu/bash/bash-4.3-patches/bash43-025 changes. We realize that...

Re: [oss-security] CVE-2014-6271: remote code execution through bash

Tavis Ormandy just tweetet this: https://twitter.com/taviso/status/514887394294652929 The bash patch seems incomplete to me, function parsing is still brittle. e.g. $ env X=' a=' sh -c "echo date"; cat echo -- Hanno Bock http://hboeck.de/ mail/jabber: [email protected] GPG: BBB51E42...

CVE-2013-6934

The parseRTSPRequestString function in Live Networks Live555 Streaming Media 2013.11.26, as used in VideoLAN VLC Media Player, allows remote attackers to cause a denial of service crash and possibly execute arbitrary code via a space character at the beginning of an RTSP message, which triggers a...

Debian Security Advisory DSA 2631-1 (squid3 - denial of service)

Squid3, a fully featured Web proxy cache, is prone to a denial of service attack due to memory consumption caused by memory leaks in cachemgr.cgi: CVE-2012-5643 squid's cachemgr.cgi was vulnerable to excessive resource use. A remote attacker could exploit this flaw to perform a denial of service...

CVE-2012-4447

Heap-based buffer overflow in tifpixarlog.c in LibTIFF before 4.0.3 allows remote attackers to cause a denial of service application crash and possibly execute arbitrary code via a crafted TIFF image using the PixarLog Compression format...

httpd: uri scheme bypass of the reverse proxy vulnerability CVE-2011-3368 fix

The modproxy module in the Apache HTTP Server 1.3.x through 1.3.42, 2.0.x through 2.0.64, and 2.2.x through 2.2.21, when the Revision 1179239 patch is in place, does not properly interact with use of 1 RewriteRule and 2 ProxyPassMatch pattern matches for configuration of a reverse proxy, which...

Debian DSA-2165-1 : ffmpeg-debian - buffer overflow

Several vulnerabilities have been discovered in FFmpeg coders, which are used by MPlayer and other applications. - CVE-2010-3429 Cesar Bernardini and Felipe Andres Manzano reported an arbitrary offset dereference vulnerability in the libavcodec, in particular in the FLIC file format parser. A...

Mandriva Update for gimp MDVSA-2009:332-1 (gimp)

Check for the Version of gimp OpenVAS Vulnerability Test Mandriva Update for gimp MDVSA-2009:332-1 gimp Authors: System Generated Check Copyright: Copyright c 2010 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the...

Mandriva Linux Security Advisory : bind (MDVSA-2010:021)

Some vulnerabilities were discovered and corrected in bind : The original fix for CVE-2009-4022 was found to be incomplete. BIND was incorrectly caching certain responses without performing proper DNSSEC validation. CNAME and DNAME records could be cached, without proper DNSSEC validation, when...

SuSE9 Security Update : libpng (YOU Patch Number 12358)

A allocation mistake in libpng's pngread.c has been fixed CVE-2009-0040. The previous update was using an incomplete patch so it needed to be reissued. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The text description of this plugin is C Novell, Inc. include'deprecatednasllevel.inc';...

openSUSE Security Update : libpng-devel (libpng-devel-558)

A allocation mistake in libpng's pngread.c has been fixed CVE-2009-0040. The previous update was using an incomplete patch so it needed to be reissued. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security...

Debian: Security Advisory (DSA-1805-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2009 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

[SECURITY] [DSA 1805-1] New pidgin packages fix several vulnerabilities

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------ Debian Security Advisory DSA-1805-1 [email protected] http://www.debian.org/security/ Moritz Muehlenhoff May 22, 2009 http://www.debian.org/security/faq -...

Debian DSA-1388-3 : dhcp - buffer overflow

The patch used to correct the DHCP server buffer overflow in DSA-1388-1 was incomplete and did not adequately resolve the problem. This update to the previous advisory makes updated packages based on a newer version of the patch available. For completeness, please find below the original advisory...

Stack overflow

Stack-based buffer overflow in the AfxOleSetEditMenu function in the MFC component in Microsoft Windows 2000 SP4, XP SP2, and Server 2003 Gold and SP1, and Visual Studio .NET 2002 Gold and SP1, and 2003 Gold and SP1 allows user-assisted remote attackers to have an unknown impact probably crash vi...

CVE-2007-1512

Stack-based buffer overflow in the AfxOleSetEditMenu function in the MFC component in Microsoft Windows 2000 SP4, XP SP2, and Server 2003 Gold and SP1, and Visual Studio .NET 2002 Gold and SP1, and 2003 Gold and SP1 allows user-assisted remote attackers to have an unknown impact probably crash vi...

CVE-2007-1512

Stack-based buffer overflow in the AfxOleSetEditMenu function in the MFC component in Microsoft Windows 2000 SP4, XP SP2, and Server 2003 Gold and SP1, and Visual Studio .NET 2002 Gold and SP1, and 2003 Gold and SP1 allows user-assisted remote attackers to have an unknown impact probably crash vi...

Sql injection

nukesentinel.php in NukeSentinel 2.5.06 and earlier uses a permissive regular expression to validate an IP address, which allows remote attackers to execute arbitrary SQL commands via the Client-IP HTTP header, due to an incomplete patch for CVE-2007-1172...