485 matches found

Oracle linux
added 2013/10/21 12:0 a.m. | 64 views

java-1.7.0-openjdk security update

1.7.0.45-2.4.3.1.0.1.el510 - Add oracle-enterprise.patch - Fix DISTRONAME to 'Enterprise Linux' 1.7.0.45-2.4.3.1.el5 - Updated to icedtea 2.4.3 - Resolves: rhbz1017623 1.7.0.45-2.4.3.0.el5 - fixed and updated tapset - removed bootstrap - source 11 redeclared to 1111 - added source12:...

CVSS 10 | AI score 1.9 | EPSS 0.24738
Exploits 0
RedHat Linux
added 2013/09/04 6:46 p.m. | 4 views

Bayeux: Reflected Cross-Site Scripting (XSS)

JBossWeb Bayeux has reflected XSS...

CVSS 6.1 | AI score 5.8 | EPSS 0.00648
Exploits 0 | References 4
Fedora
added 2013/07/12 3:16 a.m. | 22 views

[SECURITY] Fedora 18 Update: gegl-0.2.0-11.fc18

GEGL (Generic Graphics Library) is a graph based image processing framework. GEGL's original design was made to scratch GIMP's itches for a new compositing and processing core. This core is being designed to have minimal dependencies and a simple, well-defined API...

CVSS 7.5 | AI score 6.4 | EPSS 0.1326
Exploits 0
RedHat Linux
added 2013/06/25 7:51 p.m. | 3 views

Mozilla: Memory corruption found using Address Sanitizer (MFSA 2013-50)

Use-after-free vulnerability in the mozilla::ResetDir function in Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x before 17.0.7 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) vi...

CVSS 10 | AI score 7.8 | EPSS 0.05397
Exploits 0 | References 5
RedHat Linux
added 2012/10/17 4:5 p.m. | 4 views

OpenJDK: Executors state handling issues (Concurrency, 7189103)

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, and 5.0 Update 36 and earlier allows remote attackers to affect confidentiality and integrity via unknown vectors related to Concurrency...

CVSS 5.8 | AI score 7.4 | EPSS 0.02833
Exploits 0 | References 5
0day.today
added 2012/10/02 12:0 a.m. | 33 views

phptax 0.8 <= Remote Code Execution Vulnerability

Exploit for php platform in category web applications. phptax 0.8 Vendor information: "PhpTax is free software to do your U.S. income taxes. Tested under Unix environment. The program generates .pdfs that can be printed and sent to the IRS. See...

AI score 7.1
Exploits 0
RedHat Linux
added 2012/08/23 2:53 p.m. | 4 views

t1lib: Off-by-one via crafted Type 1 font

Off-by-one error in t1lib 5.1.2 and earlier, as used in Xpdf before 3.02pl6, teTeX, and other products, allows remote attackers to cause a denial of service (application crash) via a PDF document containing a crafted Type 1 font that triggers an invalid memory read, integer overflow, and invalid...

CVSS 4.3 | AI score 5.9 | EPSS 0.05417
Exploits 0 | References 4
FreeBSD
added 2012/07/24 12:0 a.m. | 31 views

squidclamav -- cross-site scripting in default virus warning pages

SquidClamav developers report: This release fixes several security issues by escaping CGI parameters. Prior to versions 6.7 and 5.8, CGI script clwarn.cgi was not properly sanitizing input variables, so they could be used to inject arbitrary strings to the generated page, leading to the cross-site...

CVSS 4.3 | AI score 6.1 | EPSS 0.01822
Exploits 0 | References 1
RedHat Linux
added 2011/09/06 9:11 p.m. | 4 views

libmodplug: multiple vulnerabilities reported in <= 0.8.8.3

Off-by-one error in the CSoundFile::ReadDSM function in src/loaddms.cpp in libmodplug before 0.8.8.4 allows remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code via a crafted DSM file with a large number of samples...

CVSS 6.8 | AI score 6.2 | EPSS 0.04583
Exploits 0 | References 4
Fedora
added 2011/06/15 5:44 a.m. | 38 views

[SECURITY] Fedora 15 Update: java-1.6.0-openjdk-1.6.0.0-58.1.10.2.fc15

The OpenJDK runtime environment...

CVSS 10 | AI score 2.1 | EPSS 0.06277
Exploits 0
securityvulns
added 2010/10/05 12:0 a.m. | 39 views

[ MDVSA-2010:193 ] qt-creator

Mandriva Linux Security Advisory MDVSA-2010:193 (http://www.mandriva.com/security/). Package: qt-creator. Date: October 3, 2010. Affected: 2010.0, 2010.1. Problem Description: A vulnerability has been found in Qt Creator 2.0.0 and previous versions. The...

CVSS 6.9 | AI score 9.4 | EPSS 0.00347
Exploits 0
Prion
added 2010/08/05 6:17 p.m. | 19 views

Design/Logic Flaw

mod_proxy in httpd in Apache HTTP Server 2.2.9, when running on Unix, does not close the backend connection if a timeout occurs when reading a response from a persistent connection, which allows remote attackers to obtain a potentially sensitive response intended for a different client in...

CVSS 5 | AI score 6.7 | EPSS 0.16002
Exploits 2 | References 21 | Affected Software 1
Fedora
added 2010/06/21 9:26 p.m. | 18 views

[SECURITY] Fedora 12 Update: drupal-views-6.x.2.11-1.fc12

The views module provides a flexible method for Drupal site designers to control how lists of content nodes are presented. Traditionally, Drupal has hard-coded most of this, particularly in how taxonomy and tracker lists are formatted. This tool is essentially a smart query builder that, given...

AI score 2.5
Exploits 0
UbuntuCve
added 2010/03/03 12:0 a.m. | 28 views

CVE-2010-0393

The cupsGetlang function, as used by lppasswd.c in lppasswd in CUPS 1.2.2, 1.3.7, 1.3.9, and 1.4.1, relies on an environment variable to determine the file that provides localized message strings, which allows local users to gain privileges via a file that contains crafted localization data with...

CVSS 6.9 | AI score 5.9 | EPSS 0.0032
Exploits 0 | References 2
Fedora
added 2008/07/26 5:55 a.m. | 29 views

[SECURITY] Fedora 9 Update: perl-5.10.0-27.fc9

Perl is a high-level programming language with roots in C, sed, awk and shell scripting. Perl is good at handling processes and files, and is especially good at handling text. Perl's hallmarks are practicality and efficiency. While it is used to do a lot of different things, Perl's most common...

CVSS 4.6 | AI score 0.4 | EPSS 0.0085
Exploits 2
RedHat Linux
added 2008/06/30 3:33 p.m. | 4 views

jabberd SASL DoS

The SASL negotiation in Jabber Studio jabberd before 2.0s11 allows remote attackers to cause a denial of service "c2s segfault" by sending a "response stanza before an auth stanza"...

CVSS 5 | AI score 5.9 | EPSS 0.02826
Exploits 0 | References 4
RedHat Linux
added 2008/05/20 2:12 p.m. | 4 views

perl-Crypt-CBC weaker encryption with some ciphers

Crypt::CBC Perl module 2.16 and earlier, when running in RandomIV mode, uses an initialization vector (IV) of 8 bytes, which results in weaker encryption when used with a cipher that requires a larger block size than 8 bytes, such as Rijndael...

CVSS 2.6 | AI score 5.8 | EPSS 0.01397
Exploits 0 | References 4
Fedora
added 2007/12/03 4:22 p.m. | 31 views

[SECURITY] Fedora Core 6 Update: perl-5.8.8-12

Perl is a high-level programming language with roots in C, sed, awk and shell scripting. Perl is good at handling processes and files, and is especially good at handling text. Perl's hallmarks are practicality and efficiency. While it is used to do a lot of different things, Perl's most common...

CVSS 7.5 | AI score 0.4 | EPSS 0.0483
Exploits 1
RedHat Linux
added 2007/11/29 3:6 p.m. | 0 views

pcre integer overflow

Integer overflow in Perl-Compatible Regular Expression (PCRE) library before 6.7 might allow context-dependent attackers to execute arbitrary code via a regular expression that involves large (1) min, (2) max, or (3) duplength values that cause an incorrect length calculation and trigger a buffer overflo...

CVSS 6.8 | AI score 6.3 | EPSS 0.03661
Exploits 0 | References 4
RedHat Linux
added 2006/07/12 6:6 p.m. | 4 views

security flaw

Integer overflow in the wordwrap function in string.c in PHP 4.4.2 and 5.1.2 might allow context-dependent attackers to execute arbitrary code via certain long arguments that cause a small buffer to be allocated, which triggers a heap-based buffer overflow in a memcpy function call, a different...

CVSS 5 | AI score 6.4 | EPSS 0.1038
Exploits 2 | References 4