
981 matches found

Debian CVE
added 2016/05/01 1:0 a.m., 18 views

CVE-2016-4415

wiretap/vwr.c in the Ixia IxVeriWave file parser in Wireshark 2.x before 2.0.2 incorrectly increases a certain octet count, which allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) via a crafted file...

5.9 CVSS, 5.3 AI score, 0.01721 EPSS
Exploits 1
Mageia
added 2016/04/26 6:2 p.m., 17 views

Updated w3m packages fix security vulnerabilities

Updated w3m package fixes security vulnerability: A vulnerability was found in w3m package. A maliciously crafted html file opened with specific command could cause the application to crash (rhbz#1324348)...

0.8 AI score
Exploits 0, References 2
FreeBSD
added 2015/11/17 12:0 a.m., 89 views

sudo -- potential privilege escalation via symlink misconfiguration

MITRE reports: sudoedit in Sudo before 1.8.15 allows local users to gain privileges via a symlink attack on a file whose full path is defined using multiple wildcards in /etc/sudoers, as demonstrated by "/home/*/*/file.txt."...

7.2 CVSS, 7.3 AI score, 0.01458 EPSS
Exploits 5, References 3
Kitploit
added 2015/09/26 2:21 p.m., 41 views

Tiger - The Unix security audit and intrusion detection tool

Tiger is a security tool that can be used both as a security audit and intrusion detection system. It supports multiple UNIX platforms and it is free and provided under a GPL license. Unlike other tools, Tiger needs only POSIX tools and is written entirely in shell language. Tiger has some...

7.3 AI score
Exploits 0
Debian CVE
added 2015/02/12 4:0 p.m., 23 views

CVE-2014-9512

rsync 3.1.1 allows remote attackers to write to arbitrary files via a symlink attack on a file in the synchronization path...

6.4 CVSS, 8.4 AI score, 0.06499 EPSS
Exploits 1
Debian CVE
added 2015/01/16 4:0 p.m., 24 views

CVE-2015-0220

The django.util.http.is_safe_url function in Django before 1.4.18, 1.6.x before 1.6.10, and 1.7.x before 1.7.3 does not properly handle leading whitespaces, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted URL, related to redirect URLs, as demonstrated by a...

4.3 CVSS, 5.4 AI score, 0.03028 EPSS
Exploits 1
Oracle linux
added 2014/12/18 12:0 a.m., 48 views

kernel security update

kernel 2.6.18-400.1.1 - x86 traps: stop using IST for SS Petr Matousek 1172809 CVE-2014-9322...

7.2 CVSS, 1.6 AI score, 0.01504 EPSS
Exploits 8
Oracle linux
added 2014/12/03 12:0 a.m., 41 views

wpa_supplicant security update

1:2.0-13 - Use os_exec for action script execution (CVE-2014-3686)...

6.8 CVSS, 1.7 AI score, 0.04945 EPSS
Exploits 0
Oracle linux
added 2014/09/25 12:0 a.m., 58 views

bash security update

4.2.45-5.4 - CVE-2014-7169 Resolves: 1146324 4.2.45-5.3 - amend patch to match upstream's Related: 1146324 4.2.45-5.2 - Fix-up the patch Related: 1141647...

10 CVSS, 1.4 AI score, 0.9994 EPSS
Exploits 19
Debian CVE
added 2014/05/12 2:0 p.m., 21 views

CVE-2014-3243

Removed by vendor...

5 CVSS, 6.7 AI score, 0.02658 EPSS
Exploits 1
UbuntuCve
added 2014/04/18 12:0 a.m., 31 views

CVE-2014-0150

Integer overflow in the virtio_net_handle_mac function in hw/net/virtio-net.c in QEMU 2.0 and earlier allows local guest users to execute arbitrary code via a MAC addresses table update request, which triggers a heap-based buffer overflow...

4.9 CVSS, 7.3 AI score, 0.00711 EPSS
Exploits 1, References 3
Oracle linux
added 2014/01/08 12:0 a.m., 36 views

gnupg security update

1.4.5-18.1 - fix CVE-2013-4576 acoustic side channel attack on RSA private keys...

2.1 CVSS, 3.1 AI score, 0.00451 EPSS
Exploits 0
Mageia
added 2013/12/17 11:36 p.m., 17 views

Updated python3 and related packages fix security vulnerabilities and prevent an error

Changed behavior of ssl.match_hostname to follow RFC 6125. Also python-virtualenv has had incdir settings altered to avoid "include nested too deeply" error (mga#11283)...

2.2 AI score
Exploits 0, References 5
Fedora
added 2013/12/13 5:2 a.m., 40 views

[SECURITY] Fedora 19 Update: zabbix-2.0.9-2.fc19

Zabbix is software that monitors numerous parameters of a network and the health and integrity of servers. Zabbix uses a flexible notification mechanism that allows users to configure e-mail based alerts for virtually any event. This allows a fast reaction to server problems. Zabbix offers...

9.8 CVSS, 1.5 AI score, 0.79988 EPSS
Exploits 10
Fedora
added 2013/03/05 11:21 p.m., 11 views

[SECURITY] Fedora 18 Update: drupal7-7.20-1.fc18

Equipped with a powerful blend of features, Drupal is a Content Management System written in PHP that can support a variety of websites ranging from personal weblogs to large community-driven websites. Drupal is highly configurable, skinnable, and secure...

2 AI score
Exploits 0
Fedora
added 2012/08/21 9:55 a.m., 31 views

[SECURITY] Fedora 17 Update: calligra-2.5.0-2.fc17

An integrated office suite...

7.5 CVSS, 1.6 AI score, 0.20073 EPSS
Exploits 1
FreeBSD
added 2012/02/10 12:0 a.m., 22 views

surf -- private information disclosure

surf does not protect its cookie jar against read access from other local users...

5.5 CVSS, 5.5 AI score, 0.00381 EPSS
Exploits 0, References 1
RedHat Linux
added 2012/01/30 6:23 p.m., 3 views

ruby: Properly initialize the random number generator when forking new process

Ruby before 1.8.6-p114 does not reset the random seed upon forking, which makes it easier for context-dependent attackers to predict the values of random numbers by leveraging knowledge of the number sequence obtained in a different child process, a related issue to CVE-2003-0900...

5 CVSS, 5.8 AI score, 0.02048 EPSS
Exploits 0, References 3
UbuntuCve
added 2010/11/05 5:0 p.m., 32 views

CVE-2010-3172

CRLF injection vulnerability in Bugzilla before 3.2.9, 3.4.x before 3.4.9, 3.6.x before 3.6.3, and 4.0.x before 4.0rc1, when Server Push is enabled in a web browser, allows remote attackers to inject arbitrary HTTP headers and content, and conduct HTTP response splitting attacks, via a crafted UR...

2.6 CVSS, 6 AI score, 0.01787 EPSS
Exploits 0, References 1
UbuntuCve
added 2010/10/25 8:1 p.m., 41 views

CVE-2010-4068

Unspecified vulnerability in the Extension Manager in TYPO3 4.2.x before 4.2.15, 4.3.x before 4.3.7, and 4.4.x before 4.4.4 allows remote authenticated administrators to read and possibly modify arbitrary files via a crafted parameter, a different vulnerability than CVE-2010-3714...

4.9 CVSS, 6 AI score, 0.00892 EPSS
Exploits 0, References 1