UVI-2021-1000951 btrfs: promote debugging asserts to full-fledged checks in validate_super

btrfs: promote debugging asserts to full-fledged checks in validatesuper This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.10.44 by commit...

GSD-2021-1000951 btrfs: promote debugging asserts to full-fledged checks in validate_super

btrfs: promote debugging asserts to full-fledged checks in validatesuper This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.10.44 by commit...

GMP Library Information Disclosure

The GMP library uses asserts to crash a program at runtime when presented with data it did not anticipate. The library also ignores user requests to remove asserts using Posix's -DNDEBUG. Asserts are a debugging aide intended for developement, and using them in production software ranges from...

Authentication Bypass

pysaml2 is vulnerable to authenticable bypass. The vulnerability exists as asserts are ignored when python is run with optimization options, -O, -OO, or with the PYTHONOPTIMIZE environment variable. This causes the UsernamePasswordMako class to accept any password for any valid user...

Buffer overflow

In all Qualcomm products with Android releases from CAF using the Linux kernel, disabling asserts causes an instruction inside of an assert to not be executed resulting in incorrect control flow...

UBUNTU-CVE-2016-7420

Crypto++ aka cryptopp through 5.6.4 does not document the requirement for a compile-time NDEBUG definition disabling the many assert calls that are unintended in production use, which might allow context-dependent attackers to obtain sensitive information by leveraging access to process memory...

net-snmp security update

5.3.2.2-22.0.2.el510.1 - hrProcessorLoad returns incorrect values for CPUs greater than 100 Jason Luan Orabug 17792842 - snmptrapd: Fix crash due to access of freed memory John Haxby orabug 14391194 - suppress spurious asserts on 32bit Greg Marsden 5.3.2.2-20.1 - Fixed CVE-2012-6151: snmpd crashi...

Updated subversion package fixes security vulnerabilities

moddontdothat allows you to block update REPORT requests against certain paths in the repository. It expects the paths in the REPORT request to be absolute URLs. Serf based clients send relative URLs instead of absolute URLs in many cases. As a result these clients are not blocked as configured b...

net-snmp security and bug fix update

5.3.2.2-20.0.2.el5 - snmptrapd: Fix crash due to access of freed memory John Haxby orabug 14391194 5.3.2.2-20.0.1.el5 - suppress spurious asserts on 32bit Greg Marsden 5.3.2.2-20 - fixed error message when the address specified by clientaddr option is wrong or cannot be bound 840861 5.3.2.2-19 -...

python: PyString_FromStringAndSize does not check for negative size values

Python 2.5.2 and earlier allows context-dependent attackers to execute arbitrary code via multiple vectors that cause a negative size value to be provided to the PyStringFromStringAndSize function, which allocates less memory than expected when assert is disabled and triggers a buffer overflow...

Fedora 10 : gupnp-0.12.8-1.fc10 (2009-5861)

New upstream release that fixes a bug where the gupnp stack crashes when passed empty content ChangeLog here http://git.gupnp.org/cgit.cgi?url=gupnp/tree/NE WS&id=ce714a6700ce03953a2886a66ec57db59205f4e6 Bug report here http://bugzilla.openedhand.com/showbug.cgi?id=1604 Other bugs fixed here. -...

Pragma FortressSSH SSH server DoS

Multiple user-reachable assert's...

CVE-2006-0678

PostgreSQL 7.3.x before 7.3.14, 7.4.x before 7.4.12, 8.0.x before 8.0.7, and 8.1.x before 8.1.3, when compiled with Asserts enabled, allows local users to cause a denial of service server crash via a crafted SET SESSION AUTHORIZATION command, a different vulnerability than CVE-2006-0553...