xen: security and bugfix update (important)

XEN was updated to fix security issues and bugs. Security issues fixed: - bnc897657 - CVE-2014-7188: XSA-108 Improper MSR range used for x2APIC emulation - bnc895802 - CVE-2014-7156: XSA-106: Missing privilege level checks in x86 emulation of software interrupts - bnc895799 - CVE-2014-7155:...

bash: off-by-one error in deeply nested flow control constructs

An off-by-one error was discovered in the way Bash was handling deeply nested flow control constructs. Depending on the layout of the .bss segment, this could allow arbitrary execution of code that would not otherwise be executed by Bash...

Microsoft Internet Explorer Layout Use-After-Free Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

bash: off-by-one error in deeply nested flow control constructs

An off-by-one error was discovered in the way Bash was handling deeply nested flow control constructs. Depending on the layout of the .bss segment, this could allow arbitrary execution of code that would not otherwise be executed by Bash...

bash: off-by-one error in deeply nested flow control constructs

An off-by-one error was discovered in the way Bash was handling deeply nested flow control constructs. Depending on the layout of the .bss segment, this could allow arbitrary execution of code that would not otherwise be executed by Bash...

CVE-2014-4419

The network-statistics interface in the kernel in Apple iOS before 8 and Apple TV before 7 does not properly initialize memory, which allows attackers to obtain sensitive memory-content and memory-layout information via a crafted application, a different vulnerability than CVE-2014-4371,...

Ubuntu 14.04 LTS : Thunderbird vulnerabilities (USN-2330-1)

The remote Ubuntu 14.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-2330-1 advisory. Jan de Mooij, Christian Holler, Karl Tomlinson, Randell Jesup, Gary Kwong, Jesse Ruderman and JW Wang discovered multiple memory safety issues in...

USN-2330-1: Thunderbird vulnerabilities

Jan de Mooij, Christian Holler, Karl Tomlinson, Randell Jesup, Gary Kwong, Jesse Ruderman and JW Wang discovered multiple memory safety issues in Thunderbird. If a user were tricked in to opening a specially crafted message with scripting enabled, an attacker could potentially exploit these to...

USN-2330-1 thunderbird vulnerabilities

Jan de Mooij, Christian Holler, Karl Tomlinson, Randell Jesup, Gary Kwong, Jesse Ruderman and JW Wang discovered multiple memory safety issues in Thunderbird. If a user were tricked in to opening a specially crafted message with scripting enabled, an attacker could potentially exploit these to...

Mozilla: Use-after-free setting text directionality (MFSA 2014-72)

Use-after-free vulnerability in DirectionalityUtils.cpp in Mozilla Firefox before 32.0, Firefox ESR 24.x before 24.8 and 31.x before 31.1, and Thunderbird 24.x before 24.8 and 31.x before 31.1 allows remote attackers to execute arbitrary code via text that is improperly handled during the...

Design/Logic Flaw

Use-after-free vulnerability in DirectionalityUtils.cpp in Mozilla Firefox before 32.0, Firefox ESR 24.x before 24.8 and 31.x before 31.1, and Thunderbird 24.x before 24.8 and 31.x before 31.1 allows remote attackers to execute arbitrary code via text that is improperly handled during the...

CVE-2014-1567

Use-after-free vulnerability in DirectionalityUtils.cpp in Mozilla Firefox before 32.0, Firefox ESR 24.x before 24.8 and 31.x before 31.1, and Thunderbird 24.x before 24.8 and 31.x before 31.1 allows remote attackers to execute arbitrary code via text that is improperly handled during the...

Ubuntu 14.04 LTS : Firefox vulnerabilities (USN-2329-1)

The remote Ubuntu 14.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-2329-1 advisory. Jan de Mooij, Christian Holler, Karl Tomlinson, Randell Jesup, Gary Kwong, Jesse Ruderman, JW Wang and David Weir discovered multiple memory safety issue...

Firefox ESR 31.x < 31.1 Multiple Vulnerabilities (Mac OS X)

The version of Firefox ESR 31.x installed on the remote Mac OS X host is prior to 31.1. It is, therefore, affected by the following vulnerabilities : - Multiple memory safety flaws exist within the browser engine. Exploiting these, an attacker can cause a denial of service or execute arbitrary...

Ubuntu: Security Advisory (USN-2329-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Mozilla Thunderbird < 31.1 Multiple Vulnerabilities (Mac OS X)

The version of Thunderbird installed on the remote Mac OS X host is a version prior to 31.1. It is, therefore, affected by the following vulnerabilities : - Multiple memory safety flaws exist within the browser engine. Exploiting these, an attacker can cause a denial of service or execute arbitra...

Mozilla Thunderbird 24.x < 24.8 Multiple Vulnerabilities (Mac OS X)

The version of Thunderbird 24.x installed on the remote Mac OS X host is a version prior to 24.8. It is, therefore, affected by the following vulnerabilities : - Multiple memory safety flaws exist within the browser engine. Exploiting these, an attacker can cause a denial of service or execute...

Firefox ESR 24.x < 24.8 Multiple Vulnerabilities (Mac OS X)

The version of Firefox ESR 24.x installed on the remote host is prior to 24.8. It is, therefore, affected by the following vulnerabilities : - Multiple memory safety flaws exist within the browser engine. Exploiting these, an attacker can cause a denial of service or execute arbitrary code...

Firefox ESR 24.x < 24.8 Multiple Vulnerabilities

The version of Firefox ESR 24.x installed on the remote host is prior to 24.8. It is, therefore, affected by the following vulnerabilities : - Multiple memory safety flaws exist within the browser engine. Exploiting these, an attacker can cause a denial of service or execute arbitrary code...

Mozilla Thunderbird 24.x < 24.8 Multiple Vulnerabilities

The version of Thunderbird 24.x installed on the remote host is a version prior to 24.8. It is, therefore, affected by the following vulnerabilities : - Multiple memory safety flaws exist within the browser engine. Exploiting these, an attacker can cause a denial of service or execute arbitrary...