
7041 matches found

OSV
added 2015/04/02 12:57 p.m., 5 views

SUSE-SU-2015:0776-1 Security update for subversion

Apache Subversion was updated to fix three vulnerabilities. The following vulnerabilities were fixed: Subversion HTTP servers with FSFS repositories were vulnerable to a remotely triggerable excessive memory use with certain REPORT requests. (bsc#923793, CVE-2015-0202) Subversion mod_dav_svn and svnser...

7.8 CVSS, 9.6 AI score, 0.12841 EPSS
Exploits 0, References 7
FreeBSD
added 2015/03/31 12:0 a.m., 36 views

subversion -- DoS vulnerabilities

Subversion Project reports: Subversion HTTP servers with FSFS repositories are vulnerable to a remotely triggerable excessive memory use with certain REPORT requests. Subversion mod_dav_svn and svnserve are vulnerable to a remotely triggerable assertion DoS vulnerability for certain requests with...

7.8 CVSS, 6.8 AI score, 0.12841 EPSS
Exploits 0, References 4
Tenable Nessus
added 2015/03/26 12:0 a.m., 24 views

Debian DLA-109-1 : libyaml-libyaml-perl security update

Jonathan Gray and Stanislaw Pitucha found an assertion failure in the way wrapped strings are parsed in LibYAML, a fast YAML 1.1 parser and emitter library. An attacker able to load specially crafted YAML input into an application using libyaml could cause the application to crash. This update...

5 CVSS, 8.2 AI score, 0.13195 EPSS
Exploits 1, References 3
Tenable Nessus
added 2015/03/26 12:0 a.m., 23 views

Debian DLA-110-1 : libyaml security update

Jonathan Gray and Stanislaw Pitucha found an assertion failure in the way wrapped strings are parsed in LibYAML, a fast YAML 1.1 parser and emitter library. An attacker able to load specially crafted YAML input into an application using libyaml could cause the application to crash. NOTE: Tenable...

5 CVSS, 8.3 AI score, 0.13195 EPSS
Exploits 1, References 3
Tenable Nessus
added 2015/03/26 12:0 a.m., 31 views

Debian DLA-127-1 : pyyaml security update

Jonathan Gray and Stanislaw Pitucha found an assertion failure in the way wrapped strings are parsed in Python-YAML, a YAML parser and emitter for Python. An attacker able to load specially crafted YAML input into an application using python-yaml could cause the application to crash. NOTE: Tenabl...

5 CVSS, 8.3 AI score, 0.13195 EPSS
Exploits 1, References 3
Tenable Nessus
added 2015/03/24 12:0 a.m., 23 views

Debian DSA-3203-1 : tor - security update

Several denial-of-service issues have been discovered in Tor, a connection-based low-latency anonymous communication system.
- Jowr discovered that very high DNS query load on a relay could trigger an assertion error.
- A relay could crash with an assertion error if a buffer of exactly the wrong...

7.5 CVSS, 7.4 AI score, 0.02185 EPSS
Exploits 0, References 4
RedHat Linux
added 2015/03/23 8:50 p.m., 2 views

openssl: assertion failure in SSLv2 servers

A denial of service flaw was found in the way OpenSSL handled SSLv2 handshake messages. A remote attacker could use this flaw to cause a TLS/SSL server using OpenSSL to exit on a failed assertion if it had both the SSLv2 protocol and EXPORT-grade cipher suites enabled...

5 CVSS, 6.7 AI score, 0.21389 EPSS
Exploits 0, References 6
Debian
added 2015/03/22 8:16 p.m., 15 views

[SECURITY] [DLA 178-1] tor security update

Package : tor
Version : 0.2.4.26-1deb6u1

Several issues have been discovered and fixed in Tor, a connection-based low-latency anonymous communication system.
o Jowr discovered that very high DNS query load on a relay could trigger an assertion error.
o A relay could crash with an assertion error ...

7.6 AI score
Exploits 0
OpenVAS
added 2015/03/22 12:0 a.m., 23 views

Debian Security Advisory DSA 3203-1 (tor - security update)

Several denial-of-service issues have been discovered in Tor, a connection-based low-latency anonymous communication system. Jowr discovered that very high DNS query load on a relay could trigger an assertion error. A relay could crash with an assertion error if a buffer of exactly the wrong layo...

7.5 AI score, 0.02185 EPSS
Exploits 0, References 1
CNVD
added 2015/03/20 12:0 a.m., 3 views

OpenSSL SSLv2 Denial of Service Vulnerability

OpenSSL is an open source implementation of SSL used to enable strong encryption of network communications and is now widely used in a variety of web applications. A denial-of-service vulnerability exists in OpenSSL SSLv2, which can be exploited by a remote attacker via a constructed...

5 CVSS, 6.9 AI score, 0.21389 EPSS
Exploits 0, References 1
Prion
added 2015/03/19 10:59 p.m., 20 views

Design/Logic Flaw

The SSLv2 implementation in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a allows remote attackers to cause a denial of service (s2_lib.c assertion failure and daemon exit) via a crafted CLIENT-MASTER-KEY message...

5 CVSS, 6.9 AI score, 0.21389 EPSS
Exploits 0, References 54, Affected Software 1
OpenVAS
added 2015/03/17 12:0 a.m., 332 views

Apache Axis2 <= 1.6.2 Multiple Vulnerabilities

Apache Axis2 is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2015 SCHUTZWERK GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later CPE = "cpe:/a:apache:axis2"; if...

6.4 CVSS, 8.6 AI score, 0.05999 EPSS
Exploits 2, References 3
RedHat Linux
added 2015/03/11 4:51 p.m., 4 views

CXF: Improper security semantics enforcement of SAML SubjectConfirmation methods

It was found that Apache WSS4J (Web Services Security for Java), as used by Apache CXF with the TransportBinding, did not, by default, properly enforce all security requirements associated with SAML SubjectConfirmation methods. A remote attacker could use this flaw to perform various types of...

5 CVSS, 5.8 AI score, 0.09224 EPSS
Exploits 0, References 4
UbuntuCve
added 2015/03/08 2:59 a.m., 39 views

CVE-2015-2190

epan/proto.c in Wireshark 1.12.x before 1.12.4 does not properly handle integer data types greater than 32 bits in size, which allows remote attackers to cause a denial of service (assertion failure and application exit) via a crafted packet that is improperly handled by the LLDP dissector...

5 CVSS, 6.4 AI score, 0.03515 EPSS
Exploits 0, References 2
Cvelist
added 2015/03/08 2:0 a.m., 29 views

CVE-2015-2190

epan/proto.c in Wireshark 1.12.x before 1.12.4 does not properly handle integer data types greater than 32 bits in size, which allows remote attackers to cause a denial of service (assertion failure and application exit) via a crafted packet that is improperly handled by the LLDP dissector...

5.2 AI score, 0.03515 EPSS
Exploits 0, References 8
RedHat Linux
added 2015/03/05 7:9 a.m., 2 views

pcre: incorrect handling of zero-repeat assertion conditions

A flaw was found in the way PCRE handled certain malformed regular expressions. This issue could cause an application (for example, Konqueror) linked against PCRE to crash while parsing malicious regular expressions...

5 CVSS, 6.8 AI score, 0.06505 EPSS
Exploits 0, References 4
Tenable Nessus
added 2015/02/24 12:0 a.m., 31 views

ISC BIND 9.9.6-S2 DNSSEC Validation DoS

According to its self-reported version number, the remote installation of BIND via DNSco is potentially affected by a denial of service vulnerability due to an error relating to DNSSEC validation and the managed-keys feature. A remote attacker can trigger an incorrect trust-anchor management...

5.4 CVSS, 7.2 AI score, 0.22168 EPSS
Exploits 0, References 4
RedHat Linux
added 2015/02/23 12:55 p.m., 4 views

libyaml: assert failure when processing wrapped strings

An assertion failure was found in the way the libyaml library parsed wrapped strings. An attacker able to load specially crafted YAML input into an application using libyaml could cause the application to crash...

5 CVSS, 7.3 AI score, 0.13195 EPSS
Exploits 1, References 4
Prion
added 2015/02/19 3:1 a.m., 20 views

Design/Logic Flaw

named in ISC BIND 9.7.0 through 9.9.6 before 9.9.6-P2 and 9.10.x before 9.10.1-P2, when DNSSEC validation and the managed-keys feature are enabled, allows remote attackers to cause a denial of service (assertion failure and daemon exit, or daemon crash) by triggering an incorrect trust-anchor...

5.4 CVSS, 7 AI score, 0.22168 EPSS
Exploits 0, References 18, Affected Software 1
RedHat Linux
added 2015/02/18 9:31 p.m., 4 views

CXF: Improper security semantics enforcement of SAML SubjectConfirmation methods

It was found that Apache WSS4J (Web Services Security for Java), as used by Apache CXF with the TransportBinding, did not, by default, properly enforce all security requirements associated with SAML SubjectConfirmation methods. A remote attacker could use this flaw to perform various types of...

5 CVSS, 5.8 AI score, 0.09224 EPSS
Exploits 0, References 4