openSUSE Security Update : ImageMagick (openSUSE-2016-574) (ImageTragick)
This update for ImageMagick fixes the following issues : Security issues fixed : - Several coders were vulnerable to remote code execution attacks, these coders have now been disabled by default but can be re-enabled by editing '/etc/ImageMagick-/policy.xml' bsc978061 - CVE-2016-3714: Insufficien...
SUSE: Security Advisory for ImageMagick (SUSE-SU-2016:1260-1)
The remote host is missing an update for the...
Security update for ImageMagick (important)
This update for ImageMagick fixes the following issues: Security issues fixed: - Several coders were vulnerable to remote code execution attacks, these coders have now been disabled by default but can be re-enabled by editing "/etc/ImageMagick-/policy.xml" bsc978061 - CVE-2016-3714: Insufficient...
SUSE-SU-2016:1260-1 Security update for ImageMagick
This update for ImageMagick fixes the following issues: Security issues fixed: - Several coders were vulnerable to remote code execution attacks, these coders have now been disabled by default but can be re-enabled by editing '/etc/ImageMagick-/policy.xml' bsc978061 - CVE-2016-3714: Insufficient...
CVE-2016-1019: a Magnitude attack tool Flash vulnerability - vulnerability warning - the black bar safety net
Last month, security researchers at Proofpoint found that the Magnitude attack tool appeared to have some new additions. In cooperation with them, we analyzed the sample and found that Magnitude EK added a vulnerability that previously existed in Adobe Flash Player, CVE-2016-1019, and then the wild u...
Oracle Java SE Hotspot JSR 292 Method Handles RCE
The version of Oracle Java SE or Java for Business installed on the remote host is affected by an arbitrary code execution vulnerability in the Hotspot subcomponent due to an unsafe implementation of the Reflection API, which improperly processes JSR 292 method handles due to a lack of enforcemen...
imlib2: multiple issues
CVE-2011-5326 denial of service Kevin Ryde discovered that attempting to draw a 2x1 radii ellipse results in a floating point exception. - CVE-2016-3993 information leakage Yuriy M. Kaminskiy discovered that drawing using coordinates from an untrusted source could lead to an out-of-bound memory...
PHP 'libxml_disable_entity_loader()' Denial of Service Vulnerability
PHP is an open source general-purpose computer scripting language. PHP threads can share the 'libxml_disable_entity_loader' setting, allowing remote attackers to exploit the vulnerability by submitting XML external entity injections and entity expansions to crash the application...
Debian DSA-3555-1 : imlib2 - security update
Several vulnerabilities were discovered in imlib2, an image manipulation library. - CVE-2011-5326 Kevin Ryde discovered that attempting to draw a 2x1 radii ellipse results in a floating point exception. - CVE-2014-9771 It was discovered that an integer overflow could lead to invalid memory reads a...
USN-2952-1 php5 vulnerabilities
It was discovered that the PHP Zip extension incorrectly handled directories when processing certain zip files. A remote attacker could possibly use this issue to create arbitrary directories. CVE-2014-9767 It was discovered that the PHP Soap client incorrectly validated data types. A remote...
imlib2 GIF Loader Denial of Service Vulnerability
imlib2 is a general-purpose graphics loading and rendering library. A security vulnerability exists in the GIF loader of imlib2, which can be exploited by an attacker to cause a denial of service (out-of-bounds read) or to disclose host memory...
imlib2 Denial of Service Vulnerability (CNVD-2016-01986)
imlib2 is a general-purpose graphics loading and rendering library. A denial of service exists in the 'load' function in the imlib2 modules/loaders/loader_pnm.c file, which allows remote attackers to exploit this vulnerability to crash an application for denial of service attacks...
imlib2 Denial of Service Vulnerability
imlib2 is a general-purpose graphics loading and rendering library. A security vulnerability in the 'load' function in the imlib2 modules/loaders/loader_gif.c file allows remote attackers to conduct denial-of-service attacks by exploiting the vulnerability to crash the application...
jre7-openjdk-headless: sandbox escape
It was discovered that the security fix for CVE-2013-5838 was incomplete and still allowed remote attackers to escape the Java security sandbox mechanism. The root problem is that the Reflection API does not properly guarantee type safety when Method Handle objects were invoked across two differe...
jdk7-openjdk: sandbox escape
It was discovered that the security fix for CVE-2013-5838 was incomplete and still allowed remote attackers to escape the Java security sandbox mechanism. The root problem is that the Reflection API does not properly guarantee type safety when Method Handle objects were invoked across two differe...
Vulnerability in Graphite 2, the rendering software in Firefox ESR and Firefox, allows attackers to induce service failures or exert other effects
A buffer overflow exists in the graphite2::GlyphCache::Loader::Loader function of the Graphite 2 rendering software, a component of the Firefox ESR and Firefox browsers. Exploiting this vulnerability can allow an attacker to cause service interruptions or other effects by usin...
jdk8-openjdk: sandbox escape
It was discovered that the security fix for CVE-2013-5838 was incomplete and still allowed remote attackers to escape the Java security sandbox mechanism. The root problem is that the Reflection API does not properly guarantee type safety when Method Handle objects were invoked across two differe...
jre8-openjdk-headless: sandbox escape
It was discovered that the security fix for CVE-2013-5838 was incomplete and still allowed remote attackers to escape the Java security sandbox mechanism. The root problem is that the Reflection API does not properly guarantee type safety when Method Handle objects were invoked across two differe...
jre8-openjdk: sandbox escape
It was discovered that the security fix for CVE-2013-5838 was incomplete and still allowed remote attackers to escape the Java security sandbox mechanism. The root problem is that the Reflection API does not properly guarantee type safety when Method Handle objects were invoked across two differe...
OpenJDK: missing type safety checks for MethodHandle calls across class loaders, incorrect CVE-2013-5838 fix (Hotspot, 8151666)
An improper type safety check was discovered in the Hotspot component. An untrusted Java application or applet could use this flaw to bypass Java Sandbox restrictions...