8825 matches found
Apple iOS AppleUSBNetworking Memory Corruption Vulnerability
iOS is an operating system developed by Apple for mobile devices, and supported devices include iPhone, iPod touch, iPad, and Apple TV. A security vulnerability exists in the implementation of AppleUSBNetworking in versions prior to iOS 9.3, due to a failure to authenticate data from USB devices...
SUSE SLES11 Security Update : java-1_6_0-ibm (SUSE-SU-2016:0770-1) (SLOTH)
This update for java-1_6_0-ibm fixes the following issues by updating to 6.0-16.20 (bsc#963937): - CVE-2015-5041: Could have invoked non-public interface methods under certain circumstances - CVE-2015-7575: The TLS protocol could allow weaker than expected security caused by a collision attack wh...
Fedora 23 : prosody-0.9.10-1.fc23 (2016-5a5c85c5a8)
Prosody 0.9.10. A summary of changes in this release: Security: mod_dialback: Adopt key generation algorithm from XEP-0185, to prevent impersonation attacks (CVE-2016-0756). Fixes and improvements: Startup: Open /dev/urandom read-only, to fix a failure to...
Fedora 23 : kernel-4.3.3-303.fc23 (2016-b59fd603be)
Backported i915, networking, and nouveau fixes tagged for stable from 4.4 upstream. Assorted fixes elsewhere. ---- A few bug fixes and backports of all the i915 patches queued for stable from 4.4. ---- A number of fixes across the tree. Note that Tenable Network Security has extracted the precedin...
AIX Java Advisory : java_jan2016_advisory.asc (January 2016 CPU) (SLOTH)
The version of Java SDK installed on the remote AIX host is affected by multiple vulnerabilities in the following components : - 2D - AWT - IBM J9 JVM - JAXP - JMX - Libraries - Networking - Security
Ubuntu: Security Advisory (USN-2913-2)
The remote host is missing an update for the...
jcow v9.9.1 CE - Multiple Persistent Cross Site Vulnerabilities
Document Title: jcow v9.9.1 CE - Multiple Persistent Cross Site Vulnerabilities. References (Source): http://www.vulnerability-lab.com/getcontent.php?id=1770 Release Date: 2016-02-29. Vulnerability Laboratory ID (VL-ID):...
Ubuntu 14.04 LTS : Linux kernel (Vivid HWE) regression (USN-2910-2)
The remote Ubuntu 14.04 LTS host has a package installed that is affected by a vulnerability as referenced in the USN-2910-2 advisory. USN-2910-1 fixed vulnerabilities in the Ubuntu 15.04 Linux kernel backported to Ubuntu 14.04 LTS. An incorrect locking fix caused a regression that broke graphics...
Linux Kernel - io_submit L2TP sendmsg Integer Overflow
Linux Kernel - io_submit L2TP sendmsg Integer Overflow. Source: https://code.google.com/p/google-security-research/issues/detail?id=735 In certain kernel versions it is possible to use the AIO subsystem (io_submit syscall) to pass size values larger than MAX_RW_COUNT to the networking subsystem's...
Linux Kernel - io_submit L2TP sendmsg Integer Overflow
Source: https://code.google.com/p/google-security-research/issues/detail?id=735 In certain kernel versions it is possible to use the AIO subsystem (io_submit syscall) to pass size values larger than MAX_RW_COUNT to the networking subsystem's sendmsg implementation. In the L2TP PPP sendmsg...
USN-2910-1 Linux kernel vulnerability | Cloud Foundry
USN-2910-1 Linux kernel vulnerability (High). Vendor: Ubuntu. Versions Affected: Ubuntu 14.04. Description: halfdog discovered that OverlayFS, when mounting on top of a FUSE mount, incorrectly propagated file attributes, including setuid. A local unprivileged attacker could use this to gain privileges...
Ubuntu 14.04 LTS : glib-networking update (USN-2913-2)
The remote Ubuntu 14.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-2913-2 advisory. USN-2913-1 removed 1024-bit RSA CA certificates from the ca-certificates package. This update adds support for alternate certificate chains to the glib-networking...
openSUSE Security Update : Mozilla Firefox (openSUSE-2016-259)
This update for MozillaFirefox fixes the following issues : - update to Firefox 44.0.2 - MFSA 2016-13/CVE-2016-1949 (bmo#1245724, boo#966438): Same-origin-policy violation using Service Workers with plugins - Fix issue which could lead to the removal of stored passwords under certain circumstances...
USN-2913-2: glib-networking update
USN-2913-1 removed 1024-bit RSA CA certificates from the ca-certificates package. This update adds support for alternate certificate chains to the glib-networking package to properly handle the removal. Original advisory details: The ca-certificates package contained outdated CA certificates. Thi...
Socat Security Bypass Vulnerability
Socat is a set of command-line based networking tools. Socat has a security vulnerability that allows an attacker to bypass security restrictions and gain access to sensitive information...
Ubuntu 12.04 LTS : linux-lts-trusty vulnerabilities (USN-2907-2)
halfdog discovered that OverlayFS, when mounting on top of a FUSE mount, incorrectly propagated file attributes, including setuid. A local unprivileged attacker could use this to gain privileges. (CVE-2016-1576) halfdog discovered that OverlayFS in the Linux kernel incorrectly propagated security...
USN-2910-1: Linux kernel (Vivid HWE) vulnerabilities
halfdog discovered that OverlayFS, when mounting on top of a FUSE mount, incorrectly propagated file attributes, including setuid. A local unprivileged attacker could use this to gain privileges. (CVE-2016-1576) halfdog discovered that OverlayFS in the Linux kernel incorrectly propagated security...
USN-2910-1 linux-lts-vivid vulnerabilities
halfdog discovered that OverlayFS, when mounting on top of a FUSE mount, incorrectly propagated file attributes, including setuid. A local unprivileged attacker could use this to gain privileges. (CVE-2016-1576) halfdog discovered that OverlayFS in the Linux kernel incorrectly propagated security...
USN-2907-2: Linux kernel (Trusty HWE) vulnerabilities
halfdog discovered that OverlayFS, when mounting on top of a FUSE mount, incorrectly propagated file attributes, including setuid. A local unprivileged attacker could use this to gain privileges. (CVE-2016-1576) halfdog discovered that OverlayFS in the Linux kernel incorrectly propagated security...
USN-2907-1: Linux kernel vulnerabilities
halfdog discovered that OverlayFS, when mounting on top of a FUSE mount, incorrectly propagated file attributes, including setuid. A local unprivileged attacker could use this to gain privileges. (CVE-2016-1576) halfdog discovered that OverlayFS in the Linux kernel incorrectly propagated security...