Lucene search

251 matches found

IBM Security Bulletins
added 2018/06/18 1:42 a.m., 25 views

Security Bulletin: Vulnerability in Apache Commons FileUpload DiskFileItem File Manipulation affects IBM Spectrum Conductor with Spark 2.2.0 (CVE-2016-1000031)

Summary: A security vulnerability relating to remote code execution (CVE-2016-1000031) has been reported against Apache Commons FileUpload DiskFileItem File Manipulation, which IBM Spectrum Conductor with Spark 2.2.0 uses as a framework for some services. Commons FileUpload 1.3.3 addresses this...

CVSS 9.8, AI score 0.2, EPSS 0.34731
Exploits 0, Affected Software 1

OSV
added 2018/05/22 1:14 p.m., 4 views

SUSE-SU-2018:1369-1 Security update for ghostscript-library

This update for ghostscript-library fixes the following issues: - CVE-2018-10194: Fixed a stack-based buffer overflow in gdevpdts.c bsc1090099 - Fixed a crash in the fix for CVE-2016-9601...

CVSS 7.8, AI score 6.8, EPSS 0.01905
Exploits 0, References 4

OSV
added 2018/05/09 2:19 p.m., 3 views

SUSE-SU-2018:1194-1 Security update for python-pysaml2

This update for python-pysaml2 fixes the following issues: - CVE-2017-1000433: When python optimizations are enabled, any user is able to login without knowing their password. bsc1074662...

CVSS 8.1, AI score 8, EPSS 0.0252
Exploits 0, References 3

Veracode
added 2018/02/27 11:32 p.m., 19 views

Unsafe Deserialization

geode-core is vulnerable to the unsafe deserialization of Java Objects. TcpServer within the Geode locator has a network port which can be used for deserializing data. If an attacker gains access to the Geode locator, they can potentially execute code by deserializing Java Objects. In addition to...

CVSS 9.8, AI score 9.4, EPSS 0.05051
Exploits 0, References 5, Affected Software 1

OSV
added 2018/02/04 12:25 p.m., 3 views

OPENSUSE-SU-2018:0359-1 Security update for chromium

This update for chromium to version 64.0.3282.140 fixes the following security issues: - CVE-2018-6406: Various asan fixes boo1078463, boo1079021 The regular expression library re2 was updated to 2018-02-01...

CVSS 8.8, AI score 9.1, EPSS 0.02038
Exploits 0, References 3

OSV
added 2017/04/27 4:47 p.m., 8 views

USN-3270-1 nss vulnerabilities

Karthik Bhargavan and Gaetan Leurent discovered that the DES and Triple DES ciphers were vulnerable to birthday attacks. A remote attacker could possibly use this flaw to obtain clear text data from long encrypted sessions. This update causes NSS to limit use of the same symmetric key...

CVSS 9.8, AI score 7, EPSS 0.95707
Exploits 7, References 3

RedHat Linux
added 2017/04/20 2:17 a.m., 99 views

Critical: Red Hat Security Advisory: nss security update

An update for nss is now available for Red Hat Enterprise Linux 5 Extended Lifecycle Support. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for eac...

CVSS 9.8, AI score 7.5, EPSS 0.04741
Exploits 0, References 2

Tenable Nessus
added 2017/03/27 12:0 a.m., 101 views

CentOS 6 : glibc (CESA-2017:0680)

An update for glibc is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the...

CVSS 9.8, AI score 8.4, EPSS 0.05966
Exploits 2, References 5

Fedora
added 2016/09/15 7:9 p.m., 39 views

[SECURITY] Fedora 25 Update: openjpeg2-2.1.1-3.fc25

The OpenJPEG library is an open-source JPEG 2000 library developed in order to promote the use of JPEG 2000. This package contains JPEG 2000 codec compliant with the Part 1 of the standard Class-1 Profile-1 compliance. JP2 JPEG 2000 standard Part 2 - Handling of JP2 boxes and extended multiple...

CVSS 7.8, AI score 4.4, EPSS 0.07114
Exploits 1

Fedora
added 2015/11/23 12:30 a.m., 14 views

[SECURITY] Fedora 23 Update: python-rauth-0.7.2-1.fc23

A simple Python OAuth 1.0/a, OAuth 2.0, and Ofly consumer library built...

AI score 2.3
Exploits 0

OwnCloud
added 2015/06/24 6:45 p.m., 24 views

Mounted Dropbox storage allows "Dropbox.com" to access any file - ownCloud

A bug in the SDK used to connect ownCloud against the Dropbox server might allow the owner of "Dropbox.com" to gain access to any files on the ownCloud server if an external Dropbox storage was mounted. This was caused by a feature of PHP which has been turned off per default as of PHP 5.6.0 in t...

AI score 5.5, EPSS 0.0144
Exploits 0, Affected Software 1

Fedora
added 2014/11/22 12:40 p.m., 33 views

[SECURITY] Fedora 19 Update: python-pillow-2.0.0-16.gitd1c6db8.fc19

Python image processing library, fork of the Python Imaging Library (PIL). This library provides extensive file format support, an efficient internal representation, and powerful image processing capabilities. There are five subpackages: tk (tk interface), qt (PIL image wrapper for Qt), sane (scanning...

CVSS 10, AI score 1.5, EPSS 0.11959
Exploits 2

Fedora
added 2014/11/22 12:39 p.m., 42 views

[SECURITY] Fedora 20 Update: python-pillow-2.2.1-7.fc20

Python image processing library, fork of the Python Imaging Library (PIL). This library provides extensive file format support, an efficient internal representation, and powerful image processing capabilities. There are five subpackages: tk (tk interface), qt (PIL image wrapper for Qt), sane (scanning...

CVSS 10, AI score 1.5, EPSS 0.11959
Exploits 2

Fedora
added 2014/08/27 1:29 a.m., 38 views

[SECURITY] Fedora 19 Update: python-pillow-2.0.0-14.gitd1c6db8.fc19

Python image processing library, fork of the Python Imaging Library (PIL). This library provides extensive file format support, an efficient internal representation, and powerful image processing capabilities. There are five subpackages: tk (tk interface), qt (PIL image wrapper for Qt), sane (scanning...

CVSS 5, AI score 1.5, EPSS 0.03587
Exploits 1

Fedora
added 2014/06/10 3:7 a.m., 44 views

[SECURITY] Fedora 20 Update: mingw-icu-50.1.2-3.fc20

ICU is a set of C and C++ libraries that provides robust and full-featured Unicode and locale support. The library provides calendar support, conversions for many character sets, language sensitive collation, date and time formatting, support for many locales, message catalogs and resources,...

CVSS 7.5, AI score 1, EPSS 0.02531
Exploits 0

OPENSUSE Linux
added 2014/06/06 12:4 p.m., 81 views

update to version 1.0.0m (critical)

The openssl library was updated to version 1.0.0m fixing various security issues and bugs: Security issues fixed: - CVE-2014-0224: Fix for SSL/TLS MITM flaw. An attacker using a carefully crafted handshake can force the use of weak keying material in OpenSSL SSL/TLS clients and servers. -...

CVSS 6.8, AI score 2.8, EPSS 0.99977
Exploits 13, References 1

OpenVAS
added 2014/03/12 12:0 a.m., 24 views

SuSE Update for gnutls openSUSE-SU-2014:0325-1 (gnutls)

Check for the Version of gnutls OpenVAS Vulnerability Test $Id: gbsuse201403251.nasl 8044 2017-12-08 08:32:49Z santu $ SuSE Update for gnutls openSUSE-SU-2014:0325-1 gnutls Authors: System Generated Check Copyright: Copyright C 2014 Greenbone Networks GmbH, http://www.greenbone.net This program i...

CVSS 5.8, AI score 6.8, EPSS 0.29958
Exploits 1, References 1

RedHat Linux
added 2014/03/03 6:25 p.m., 42 views

Important: Red Hat Security Advisory: gnutls security update

Updated gnutls packages that fix two security issues are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are...

CVSS 5.8, AI score 5.6, EPSS 0.29958
Exploits 2, References 3

Hacker One
added 2013/11/23 9:21 p.m., 123 views

HackerOne: PNG compression DoS

ztxt: http://www.libpng.org/pub/png/spec/1.1/PNG-Chunks.htmlC.zTXt "zTXT Documentation" tech: http://www.zlib.net/zlibtech.html "zlib technical details" zlibvuln1: http://www.kb.cert.org/vuls/id/680620 zlibvuln2: http://www.kb.cert.org/vuls/id/238678 PNG compression DoS ---------------------...

AI score 7
Exploits 0

Positive Technologies
added 2013/11/15 12:0 a.m., 8 views

PT-2013-5677 · Mozilla +4 · Firefox +6

Name of the Vulnerable Software and Affected Versions: Mozilla Firefox versions prior to 25.0.1 Mozilla Firefox ESR 17.x versions prior to 17.0.11 Mozilla Firefox ESR 24.x versions prior to 24.1.1 SeaMonkey versions prior to 2.22.1 NSPR versions prior to 4.10.2 Description: The issue is related t...

CVSS 10, AI score 7, EPSS 0.84424
Exploits 33, References 141