Scientific Linux Security Update : glibc on SL5.x i386/x86_64 (20131008)

Multiple integer overflow flaws, leading to heap-based buffer overflows, were found in glibc's memory allocator functions pvalloc, valloc, and memalign. If an application used such a function, it could cause the application to crash or, potentially, execute arbitrary code with the privileges of t...

RHEL 5 : glibc (RHSA-2013:1411)

Updated glibc packages that fix one security issue and one bug are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity...

glibc: three integer overflows in memory allocator

Multiple integer overflow flaws, leading to heap-based buffer overflows, were found in glibc's memory allocator functions pvalloc, valloc, and memalign. If an application used such a function, it could cause the application to crash or, potentially, execute arbitrary code with the privileges of t...

Moderate: Red Hat Security Advisory: glibc security and bug fix update

Updated glibc packages that fix one security issue and one bug are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity...

DEBIAN-CVE-2013-5717

The Bluetooth HCI ACL dissector in Wireshark 1.10.x before 1.10.2 does not properly maintain a certain free list, which allows remote attackers to cause a denial of service application crash via a crafted packet that is not properly handled by the wmemblockalloc function in...

UBUNTU-CVE-2013-5717

The Bluetooth HCI ACL dissector in Wireshark 1.10.x before 1.10.2 does not properly maintain a certain free list, which allows remote attackers to cause a denial of service application crash via a crafted packet that is not properly handled by the wmemblockalloc function in...

USN-1546-1: libgc vulnerability

It was discovered that multiple integer overflows existed in the malloc and calloc implementations in the Boehm-Demers-Weiser garbage collecting memory allocator libgc. These could allow an attacker to cause a denial of service or possibly execute arbitrary code...

Scientific Linux Security Update : openoffice.org on SL5.x i386/x86_64

A numeric truncation error was found in the OpenOffice.org memory allocator. If a carefully crafted file was opened by a victim, an attacker could use this flaw to crash OpenOffice.org or, possibly, execute arbitrary code. CVE-2008-3282 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The...

Scientific Linux Security Update : python on SL5.x i386/x86_64

It was found that many applications embedding the Python interpreter did not specify a valid full path to the script or application when calling the PySysSetArgv API function, which could result in the addition of the current working directory to the module search path sys.path. A local attacker...

OpenSSL 1.0.1 Memory Corruption

Exploit for multiple platform in category remote exploits Incorrect integer conversions in OpenSSL can result in memory corruption. -------------------------------------------------------------------------- CVE-2012-2110 This advisory is intended for system administrators and developers exposing...

OpenSSL - ASN1 BIO Memory Corruption

OpenSSL - ASN1 BIO Memory Corruption Incorrect integer conversions in OpenSSL can result in memory corruption. -------------------------------------------------------------------------- CVE-2012-2110 This advisory is intended for system administrators and developers exposing OpenSSL in production...

Smashing the Linux Heap

MIAMI BEACH–There has been a lot of discussion and research in the last decade on exploiting heap overflows in various platforms, especially Windows. But one researcher has found that there is a heap allocator in the Linux kernel that is, as he describes it, “beautifully exploitable.” Meet SLOB...

CVE-2011-4079

Off-by-one error in the UTF8StringNormalize function in OpenLDAP 2.4.26 and earlier allows remote attackers to cause a denial of service slapd crash via a zero-length string that triggers a heap-based buffer overflow, as demonstrated using an empty postalAddressAttribute value in an LDIF entry...

kernel: nfs4: Ensure that ACL pages sent over NFS were not allocated from the slab

The nfs4procsetacl function in fs/nfs/nfs4proc.c in the Linux kernel before 2.6.38 stores NFSv4 ACL data in memory that is allocated by kmalloc but not properly freed, which allows local users to cause a denial of service panic via a crafted attempt to set an ACL...

python security, bug fix, and enhancement update

2.4.3-43 - add missing patch 206 Related: rhbz549372 2.4.3-42 - fix testpyclbr to match the urllib change in patch 204 patch 206 - allow the 'noproxy' environment variable to override 'ftpproxy' in urllib2 patch 207 - fix typos in names of patches 204 and 205 Related: rhbz549372 2.4.3-41 - backpo...

RHEL 5 : python (RHSA-2011:0027)

Updated python packages that fix multiple security issues, several bugs, and add two enhancements are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having low security impact. Common Vulnerability Scoring System CVSS base scores, which...

Low: Red Hat Security Advisory: python security, bug fix, and enhancement update

Updated python packages that fix multiple security issues, several bugs, and add two enhancements are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having low security impact. Common Vulnerability Scoring System CVSS base scores, which...

CVE-2010-2879

Multiple integer overflows in the allocator in the TextXtra.x32 module in Adobe Shockwave Player before 11.5.8.612 allow remote attackers to cause a denial of service heap memory corruption or execute arbitrary code via a crafted 1 element count or 2 element size value in a file...

Fedora Core 11 FEDORA-2009-8349 (apr-util)

The remote host is missing an update to apr-util announced via advisory FEDORA-2009-8349. Note: This VT has been deprecated and is therefore no longer functional. SPDX-FileCopyrightText: 2009 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by t...

Fedora Core 10 FEDORA-2009-8318 (apr-util)

The remote host is missing an update to apr-util announced via advisory FEDORA-2009-8318. Note: This VT has been deprecated and is therefore no longer functional. SPDX-FileCopyrightText: 2009 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by t...