SUSE-SU-2020:2502-1 Security update for the Linux Kernel (Live Patch 34 for SLE 12 SP3)

This update for the Linux Kernel 4.4.180-94127 fixes several issues. The following security issues were fixed: - CVE-2020-14331: Fixed a buffer over-write in vgaconscroll bsc1174247. - CVE-2019-16746: Fixed a buffer overflow in net/wireless/nl80211.c bsc1173659. - CVE-2020-11668: Fixed a memory...

SUSE SLES12 Security Update : kernel (SUSE-SU-2020:2122-1)

The SUSE Linux Enterprise 12 SP5 kernel was updated to receive various security and bugfixes. The following security bugs were fixed : CVE-2020-14331: A buffer over write in vgaconscroll was fixed bnc1174205. CVE-2020-10135: Legacy pairing and secure-connections pairing authentication in Bluetoot...

CVE-2020-3663

Buffer over-write may occur during fetching track decoder specific information if cb size exceeds buffer size in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in...

CVE-2020-3663

CVE-2020-3663 affects Qualcomm Snapdragon platforms (multiple Snapdragon Auto/Compute/Connectivity/IoT/Wearables generations) where buffer over-run can occur while fetching track decoder information if the decode- cb size exceeds the allocated buffer. The issue’s root cause is a buffer overflow i...

CVE-2020-3663

Buffer over-write may occur during fetching track decoder specific information if cb size exceeds buffer size in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in...

CVE-2019-14132

Buffer over-write when this 0-byte buffer is typecasted to some other structure and hence memory corruption in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Mobile in QCS605, SA6155P, SM8150...

Memory corruption

Buffer over-write when this 0-byte buffer is typecasted to some other structure and hence memory corruption in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Mobile in QCS605, SA6155P, SM8150...

CVE-2019-14132

CVE-2019-14132 describes a buffer over-write leading to memory corruption in Qualcomm/Qualcomm-based SoCs (Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Mobile) on devices using QCS605, SA6155P, SM8150. The root cause involves a 0-byte buffer being typecast to another structure, causing me...

PHP 7.3.x < 7.3.1 Multiple vulnerabilities

According to its banner, the version of PHP running on the remote web server is 5.6.x prior to 5.6.40, 7.1.x prior to 7.1.26, 7.2.x prior to 7.2.14 or 7.3.x prior to 7.3.1. It is, therefore, affected by multiple vulnerabilities: - An integer underflow condition exists in gdContributionsAlloc...

PHP 7.0.x < 7.0.5 Multiple Vulnerabilities

According to its banner, the version of PHP running on the remote web server is 7.0.x prior to 7.0.5. It is, therefore, affected by multiple vulnerabilities : - A buffer over-write condition exists in the finfoopen function due to improper validation of magic files. An unauthenticated, remote...

PHP 5.6.x < 5.6.20 Multiple Vulnerabilities

According to its banner, the version of PHP running on the remote web server is 5.6.x prior to 5.6.20. It is, therefore, affected by multiple vulnerabilities : - A buffer over-write condition exists in the finfoopen function due to improper validation of magic files. An unauthenticated, remote...

Internet Bug Bounty: Buffer over-write in finfo_open with malformed magic file.

https://bugs.php.net/bug.php?id=71527 This bug causes a segfault when running with environment variable USEZENDALLOC set to 0, and also when compiled with ASAN with USEZENDALLOC set and unset. To reproduce, run the following PHP file, with the example magic file below. $ cat magic-open.php Magic...

Debian DLA-460-1 : file security update

A malformed magic file could trigger a segmentation fault and thus crash applications due to a buffer over-write in the filecheckmem function. For Debian 7 'Wheezy', this problem has been fixed in version 5.11-2+deb7u9. We recommend that you upgrade your file packages. NOTE: Tenable Network...

Amazon Linux: Security Advisory (ALAS-2016-698)

The remote host is missing an update for the SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

[SECURITY] [DLA 460-1] file security update

Package : file Version : 5.11-2+deb7u9 CVE ID : CVE-2015-8865 A malformed magic file could trigger a segmentation fault and thus crash applications due to a buffer over-write in the filecheckmem function. For Debian 7 "Wheezy", this problem has been fixed in version 5.11-2+deb7u9. We recommend th...

DLA-460-1 file - security update

Bulletin has no description...

Amazon Linux AMI : php56 / php55 (ALAS-2016-698)

The following security-related issues were resolved : Buffer over-write in finfoopen with malformed magic file CVE-2015-8865 Signedness vulnerability causing heap overflow in libgd CVE-2016-3074 Integer overflow in phprawurlencode CVE-2016-4070 Format string vulnerability in phpsnmperror...

Important: php56, php55

Issue Overview: The following security-related issues were resolved: Buffer over-write in finfoopen with malformed magic file CVE-2015-8865 Signedness vulnerability causing heap overflow in libgd CVE-2016-3074 Integer overflow in phprawurlencode CVE-2016-4070 Format string vulnerability in...

Updated file packages fix security vulnerability

The file command was vulnerable to a buffer over-write in with a malformed magic file...

MGASA-2016-0132 Updated file packages fix security vulnerability

The file command was vulnerable to a buffer over-write in with a malformed magic file...