Fedora 25 : 1:dovecot (2016-daf90926d4)

Fixed crash in auth process when auth-policy was configured and authentication was aborted/failed without a username set. - director: If two users had different tags but the same hash, the users may have been redirected to the wrong tag's hosts. - Index files may have been thought incorrectly...

CVE-2016-8595

The gsmparse function in libavcodec/gsmparser.c in FFmpeg before 3.1.5 allows remote attackers to cause a denial of service assert fault via a crafted AVI file...

CVE-2016-7785

The avireadseek function in libavformat/avidec.c in FFmpeg before 3.1.4 allows remote attackers to cause a denial of service assert fault via a crafted AVI file...

shopify-scripts: Incorrect code generation when result of NODE_NEGATE is not used

Introduction ============ Not using the result of NODENEGATE leads to incorrect code generation which could possibly result in arbitrary bytecode generation. Currently it is possible to produce a crash through a SIGABRT via an assert failure. Proof of concept ================ assertfailure.rb...

Denial Of Service (DoS)

mss is vulnerable to denial of service DoS. It uses an assert statement to check if the display is opened on a Linux system. Assert is usually used to test conditions that should have never happened and is to crash early in the case of a corrupt program state. Therefore, a malicious user can...

FreeBSD : cryptopp -- multiple vulnerabilities (eab68cff-bc0c-11e6-b2ca-001b3856973b)

Multiple sources report : CVE-2015-2141: The InvertibleRWFunction::CalculateInverse function in rw.cpp in libcrypt++ 5.6.2 does not properly blind private key operations for the Rabin-Williams digital signature algorithm, which allows remote attackers to obtain private keys via a timing attack...

SUSE SLED12 / SLES12 Security Update : jasper (SUSE-SU-2016:2775-1)

This update for jasper to version 1.900.14 fixes several issues. These security issues were fixed : - CVE-2016-8887: NULL pointer dereference in jp2colrdestroy jp2cod.c bsc1006836 - CVE-2016-8886: memory allocation failure in jasmalloc jasmalloc.c bsc1006599 - CVE-2016-8884,CVE-2016-8885: two NUL...

SUSE SLES11 Security Update : jasper (SUSE-SU-2016:2776-1)

This update for jasper fixes the following issues: Security fixes : - CVE-2016-8887: NULL pointer dereference in jp2colrdestroy jp2cod.c bsc1006836 - CVE-2016-8886: memory allocation failure in jasmalloc jasmalloc.c bsc1006599 - CVE-2016-8884,CVE-2016-8885: two NULL pointer dereferences in...

openSUSE Security Update : jasper (openSUSE-2016-1263)

This update for jasper to version 1.900.14 fixes several issues. These security issues were fixed : - CVE-2008-3522: Buffer overflow in the jasstreamprintf function in libjasper/base/jasstream.c in JasPer might have allowed context-dependent attackers to have an unknown impact via vectors related...

tpm2: g_forceFailureMode

Project: https://chromium.googlesource.com/chromiumos/thirdparty/tpm2 Detailed report: https://clusterfuzz-external.appspot.com/testcase?key=6356831496568832 Fuzzer: libFuzzertpm2executecommandfuzzer Job Type: libfuzzerasantpm2 Platform Id: linux Crash Type: ASSERT Crash Address: Crash State:...

OPENSUSE-SU-2016:2556-1 Security update for ffmpeg

This update for ffmpeg fixes multiple security issues in ffmpeg boo1003806 These vulnerabilities can be triggered when processing specially crafted avi video content, and could lead to crashes or have unspecified further impact including potential code execution. - CVE-2016-7562: out-of-bounds...

CVE-2016-7420

Crypto++ aka cryptopp through 5.6.4 does not document the requirement for a compile-time NDEBUG definition disabling the many assert calls that are unintended in production use, which might allow context-dependent attackers to obtain sensitive information by leveraging access to process memory...

PT-2016-7317

Name of the Vulnerable Software and Affected Versions Crypto++ versions through 5.6.4 Description The issue concerns the lack of documentation for a compile-time definition that disables assert calls, potentially allowing attackers to obtain sensitive information from process memory after an...

On Python vulnerabilities mining those have to mention the thing-vulnerability warning-the black bar safety net

! Foreword Python because of its in the development of larger, more complex application aspects of the unique convenience, so that it in a computer environment becomes more and more indispensable. Although its obvious speech intelligibility and the use friendliness allows the software engineers a...

(size_t)BIO_write(in, buf, len) == len

Detailed report: https://clusterfuzz-external.appspot.com/testcase?key=6308967940620288 Fuzzer: libFuzzer Job Type: libfuzzerasanopenssl Platform Id: linux Crash Type: ASSERT Crash Address: Crash State: sizetBIOwritein, buf, len == len fuzzer::Fuzzer::ExecuteCallback fuzzer::Fuzzer::RunOne...

CVE-2016-4053

CVE-2016-4053 in Squid allowed public information disclosure of the server stack layout when processing ESI responses. The issue is documented across multiple advisories (Debian, Red Hat/CentOS, Fedora, Amazon ALAS) with fixes in various branches: Debians fixed squid3 3.1.20-2.2+deb7u5; Jessie/St...

Squid assert函数引起的远程拒绝服务漏洞

来源链接：https://security.tencent.com/index.php/blog/msg/102 分析 笔者对其中一个漏洞补丁进行了分析,发现漏洞的缘由主要由assert函数引起的http://www.squid-cache.org/Versions/v3/3.5/changesets/squid-3.5-13991.patch 。 Assert函数在C程序中称为断言（assertion），用来提示一些可能存在的错误。主要用于程序调试。 函数用法： include void assert int exp ; 功能：...

Squid remote denial of service vulnerability analysis-vulnerability warning-the black bar safety net

Introduction The Squid Cache is an HTTP proxy server software. The Squid a wide range of uses, can be used as a cache server, may filter traffic help network security, but also can be used as a proxy server in the chain of a ring, the up-level proxy to forward the data or directly connected to th...

CentOS Update for libcacard CESA-2016:0083 centos7

Check the version of libcacard SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptoid"1.3.6.1.4.1.25623.1.0.882388";...

FreeBSD 远程拒绝服务攻击漏洞

0x01 漏洞复现 此漏洞是由于FreeBSD在处理ipv6数据包时，某函数对于数据的检验不严格，导致若传入的ipv6结构体某成员函数为NULL时，在后续函数调用中会触发assert，导致freebsd进入异常处理机制，内核崩溃引发系统重启，下面对此漏洞进行详细分析。 首先对于漏洞环境的搭建我不讲解了，在我的微信公众号上发了一篇文章专门讲解FreeBSD环境的搭建，包括内核调试，vmtools安装等等，环境搭建好之后，通过执行poc.py，发现程序重启，重启过程中，/var/crash下会生成崩溃信息。...