Mandriva Linux Security Advisory : firefox (MDVSA-2012:145)

Security issues were identified and fixed in mozilla firefox : Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we...

Mandriva Linux Security Advisory : mozilla-thunderbird (MDVSA-2012:147)

Security issues were identified and fixed in mozilla thunderbird : Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we...

Mandriva Update for mozilla-thunderbird MDVSA-2012:147 (mozilla-thunderbird)

The remote host is missing an update for the SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...

Mandriva Update for firefox MDVSA-2012:145 (firefox)

The remote host is missing an update for the SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...

Mozilla Thunderbird 14.x <= 14 Multiple Vulnerabilities

Binary data 801365.prm...

Mozilla: Memory corruption with bitmap format images with negative height (MFSA 2012-61)

Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allow remote attackers to execute arbitrary code or cause a denial of service memory corruption via a negative height value in a BMP image within a...

Mozilla: Memory corruption with bitmap format images with negative height (MFSA 2012-61)

Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allow remote attackers to execute arbitrary code or cause a denial of service memory corruption via a negative height value in a BMP image within a...

Firefox < 10.0.7 Multiple Vulnerabilities (Mac OS X)

The installed version of Firefox is earlier than 10.0.7 and thus, is potentially affected by the following security issues : - Unspecified memory safety issues exist. CVE-2012-1970 - Multiple use-after-free errors exist. CVE-2012-1972, CVE-2012-1973, CVE-2012-1974, CVE-2012-1975, CVE-2012-1976,...

Thunderbird 10.0.x < 10.0.7 Multiple Vulnerabilities (Mac OS X)

The installed version of Thunderbird 10.0.x is potentially affected by the following security issues : - Unspecified memory safety issues exist. CVE-2012-1970 - Multiple use-after-free errors exist. CVE-2012-1972, CVE-2012-1973, CVE-2012-1974, CVE-2012-1975, CVE-2012-1976, CVE-2012-3956,...

Mozilla Thunderbird 10.0.x < 10.0.7 Multiple Vulnerabilities

The installed version of Thunderbird 10.0.x is potentially affected by the following security issues : - Unspecified memory safety issues exist. CVE-2012-1970 - Multiple use-after-free errors exist. CVE-2012-1972, CVE-2012-1973, CVE-2012-1974, CVE-2012-1975, CVE-2012-1976, CVE-2012-3956,...

Memory corruption with bitmap format images with negative height — Mozilla

Security researcher Frédéric Hoguin reported two related issues with the decoding of bitmap .BMP format images embedded in icon .ICO format files. When processing a negative "height" header value for the bitmap image, a memory corruption can be induced, allowing an attacker to write random memory...

DEBIAN-CVE-2012-2370

Multiple integer overflows in the readbitmapfiledata function in io-xbm.c in gdk-pixbuf before 2.26.1 allow remote attackers to cause a denial of service application crash via a negative 1 height or 2 width in an XBM file, which triggers a heap-based buffer overflow...

Scientific Linux Security Update : gd on SL4.x, SL5.x i386/x86_64

Multiple issues were discovered in the gd GIF image-handling code. A carefully-crafted GIF file could cause a crash or possibly execute code with the privileges of the application using the gd library. CVE-2006-4484, CVE-2007-3475, CVE-2007-3476 An integer overflow was discovered in the...

Scientific Linux Security Update : gimp on SL5.x i386/x86_64

The GIMP GNU Image Manipulation Program is an image composition and editing program. An integer overflow flaw, leading to a heap-based buffer overflow, was found in the GIMP's Microsoft Windows Bitmap BMP and Personal Computer eXchange PCX image file plug-ins. An attacker could create a specially...

CentOS Update for freetype CESA-2011:1402 centos4 x86_64

Check for the Version of freetype OpenVAS Vulnerability Test CentOS Update for freetype CESA-2011:1402 centos4 x8664 Authors: System Generated Check Copyright: Copyright c 2012 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify i...

CentOS Update for freetype CESA-2011:1402 centos5 x86_64

Check for the Version of freetype OpenVAS Vulnerability Test CentOS Update for freetype CESA-2011:1402 centos5 x8664 Authors: System Generated Check Copyright: Copyright c 2012 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify i...

CentOS Update for freetype CESA-2011:1402 centos5 x86_64

The remote host is missing an update for the SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...

CentOS Update for freetype CESA-2011:1402 centos4 x86_64

The remote host is missing an update for the SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...

Oracle Linux 6 kernel security, bug fix and enhancement update

2.6.32-279.el6 - netdrv mlx4: ignore old module parameters Jay Fenlason 830553 2.6.32-278.el6 - kernel sysctl: silence warning about missing strategy for file-max at boot time Jeff Layton 803431 - net sunrpc: make new tcpmaxslottableentries sysctl use CTLUNNUMBERED Jeff Layton 803431 - drm i915:...

kernel: nfs4_getfacl decoding kernel oops

The NFSv4 implementation in the Linux kernel before 3.2.2 does not properly handle bitmap sizes in GETACL replies, which allows remote NFS servers to cause a denial of service OOPS by sending an excessive number of bitmap words...