CVE-2015-8735

The getvalue function in epan/dissectors/packet-btatt.c in the Bluetooth Attribute aka BT ATT dissector in Wireshark 2.0.x before 2.0.1 uses an incorrect integer data type, which allows remote attackers to cause a denial of service invalid write operation and application crash via a crafted packe...

SUSE SLED11 / SLES11 Security Update : xfsprogs (SUSE-SU-2015:2383-1)

xfsprogs was updated to fix one security vulnerability and several bugs. - Handle unwanted data disclosure in xfsmetadump bsc939367, CVE-2012-2150 - Fix segfault during xfsrepair run bsc911866 - Fix definition of leaf attribute block to avoid gcc optimization xfsprogs-fix-leaf-block-definition No...

CVE-2015-8660

The ovlsetattr function in fs/overlayfs/inode.c in the Linux kernel through 4.3.3 attempts to merge distinct setattr operations, which allows local users to bypass intended access restrictions and modify the attributes of arbitrary overlay files via a crafted application...

DEBIAN-CVE-2015-8660

The ovlsetattr function in fs/overlayfs/inode.c in the Linux kernel through 4.3.3 attempts to merge distinct setattr operations, which allows local users to bypass intended access restrictions and modify the attributes of arbitrary overlay files via a crafted application...

UBUNTU-CVE-2015-8660

The ovlsetattr function in fs/overlayfs/inode.c in the Linux kernel through 4.3.3 attempts to merge distinct setattr operations, which allows local users to bypass intended access restrictions and modify the attributes of arbitrary overlay files via a crafted application...

Scientific Linux Security Update : sssd on SL7.x x86_64 (20151119)

It was found that SSSD's Privilege Attribute Certificate PAC responder plug-in would leak a small amount of memory on each authentication request. A remote attacker could potentially use this flaw to exhaust all available memory on the system by making repeated requests to a Kerberized daemon...

ISC BIND named Denial of Service Vulnerability

ISC BIND is the United States Internet Systems Consortium ISC company maintains a set of open source software that implements the DNS protocol. A security vulnerability exists in the db.c file in named in ISC BIND versions 9.9.8-P2 prior to 9.x and 9.10.3-P2 prior to 9.10.x. The vulnerability can...

ISC BIND 9.x < 9.9.8-P2 / 9.10.x < 9.10.3-P2 Response Parsing Class Attribute Handling DoS

According to its self-reported version number, the remote installation of BIND is affected by a denial of service vulnerability due to improper parsing of incorrect class attributes in db.c. An unauthenticated, remote attacker can exploit this, via a malformed class attribute, to trigger a REQUIR...

bind: responses with a malformed class attribute can trigger an assertion failure in db.c

A denial of service flaw was found in the way BIND processed certain records with malformed class attributes. A remote attacker could use this flaw to send a query to request a cached record with a malformed class attribute that would cause named functioning as an authoritative or recursive serve...

bind: responses with a malformed class attribute can trigger an assertion failure in db.c

A denial of service flaw was found in the way BIND processed certain records with malformed class attributes. A remote attacker could use this flaw to send a query to request a cached record with a malformed class attribute that would cause named functioning as an authoritative or recursive serve...

DEBIAN-CVE-2015-8000

db.c in named in ISC BIND 9.x before 9.9.8-P2 and 9.10.x before 9.10.3-P2 allows remote attackers to cause a denial of service REQUIRE assertion failure and daemon exit via a malformed class attribute...

CVE-2015-8000

db.c in named in ISC BIND 9.x before 9.9.8-P2 and 9.10.x before 9.10.3-P2 allows remote attackers to cause a denial of service REQUIRE assertion failure and daemon exit via a malformed class attribute...

CVE-2015-8000

db.c in named in ISC BIND 9.x before 9.9.8-P2 and 9.10.x before 9.10.3-P2 allows remote attackers to cause a denial of service REQUIRE assertion failure and daemon exit via a malformed class attribute...

CVE-2015-8000

db.c in named in ISC BIND 9.x before 9.9.8-P2 and 9.10.x before 9.10.3-P2 allows remote attackers to cause a denial of service REQUIRE assertion failure and daemon exit via a malformed class attribute...

UBUNTU-CVE-2015-8000

db.c in named in ISC BIND 9.x before 9.9.8-P2 and 9.10.x before 9.10.3-P2 allows remote attackers to cause a denial of service REQUIRE assertion failure and daemon exit via a malformed class attribute...

OpenSSL: X509_ATTRIBUTE memory leak

A memory leak vulnerability was found in the way OpenSSL parsed PKCS7 and CMS data. A remote attacker could use this flaw to cause an application that parses PKCS7 or CMS data from untrusted sources to use an excessive amount of memory and possibly crash...

DEBIAN-CVE-2015-3195

The ASN1TFLGCOMBINE implementation in crypto/asn1/tasndec.c in OpenSSL before 0.9.8zh, 1.0.0 before 1.0.0t, 1.0.1 before 1.0.1q, and 1.0.2 before 1.0.2e mishandles errors caused by malformed X509ATTRIBUTE data, which allows remote attackers to obtain sensitive information from process memory by...

OpenSSL X509_ATTRIBUTE Structure Information Disclosure Vulnerability

OpenSSL is an open source implementation of SSL for strong encryption of network communications. A security vulnerability exists in OpenSSL's handling of X509ATTRIBUTE, which can be exploited by a remote attacker to send a message containing a special X509ATTRIBUTE structure that triggers a memor...

UBUNTU-CVE-2015-3195

The ASN1TFLGCOMBINE implementation in crypto/asn1/tasndec.c in OpenSSL before 0.9.8zh, 1.0.0 before 1.0.0t, 1.0.1 before 1.0.1q, and 1.0.2 before 1.0.2e mishandles errors caused by malformed X509ATTRIBUTE data, which allows remote attackers to obtain sensitive information from process memory by...

CentOS 7 : sssd (CESA-2015:2355)

Updated sssd packages that fix one security issue, multiple bugs, and add various enhancements are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Low security impact. A Common Vulnerability Scoring System CVSS base score, which gives a...