Vulnerability in core server (CVE-2015-0242)

Buffer overrun in replacement printf family of functions...

FreeBSD : Xymon -- buffer overrun (1c7cfd05-aaee-11e4-83b4-14dae9d210b8)

Debian reports : web/acknowledge.c uses a string twice in a format string, but only allocates memory for one copy. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from the FreeBSD VuXML database : Copyright 2003-2018 Jacqu...

chicken -- buffer overrun in substring-index[-ci]

chicken developer Moritz Heidkamp reports: The substring-index-ci procedures of the data-structures unit are vulnerable to a buffer overrun attack when passed an integer greater than zero as the optional START argument. As a work-around you can switch to SRFI 13's string-contains procedure which...

OracleVM 2.1 : libtiff (OVMSA-2009-0027)

The remote OracleVM system is missing necessary patches to address critical security updates : - Fix buffer overrun risks caused by unchecked integer overflow CVE-2009-2347 Resolves: 507725 - Fix some more LZW decoding vulnerabilities CVE-2009-2285 Resolves: 507725 - Update upstream URL - Use...

[SECURITY] [DLA 75-1] mysql-5.1 security update

Package : mysql-5.1 Version : 5.1.73-1+deb6u1 CVE ID : CVE-2013-2162 CVE-2014-0001 CVE-2014-4274 This update fixes one important vulnerability CVE-2014-4274 and batches together two other minor fixes CVE-2013-2162, CVE-2014-0001. CVE-2014-4274 Insecure handling of a temporary file that could lead...

xen: security and bugfix update (important)

XEN was updated to fix security issues and bugs. Security issues fixed: - bnc897657 - CVE-2014-7188: XSA-108 Improper MSR range used for x2APIC emulation - bnc895802 - CVE-2014-7156: XSA-106: Missing privilege level checks in x86 emulation of software interrupts - bnc895799 - CVE-2014-7155:...

Xymon -- buffer overrun

Debian reports: web/acknowledge.c uses a string twice in a format string, but only allocates memory for one copy...

qemu: hw/pci/pcie_aer.c: buffer overrun on invalid state load

Buffer overflow in hw/pci/pcieaer.c in QEMU before 1.7.2 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a large lognum value in a savevm image...

qemu: virtio: buffer overrun on incoming migration

Array index error in the virtioload function in hw/virtio/virtio.c in QEMU before 1.7.2 allows remote attackers to execute arbitrary code via a crafted savevm image...

FreeBSD : dbus -- multiple vulnerabilities (38242d51-3e58-11e4-ac2f-bcaec565249c)

Simon McVittie reports : Do not accept an extra fd in the padding of a cmsg message, which could lead to a 4-byte heap buffer overrun CVE-2014-3635. Reduce default for maximum Unix file descriptors passed per message from 1024 to 16, preventing a uid with the default maximum number of connections...

krb5: buffer overrun in kadmind with LDAP backend (MITKRB5-SA-2014-001)

A buffer overflow was found in the KADM5 administration server kadmind when it was used with an LDAP back end for the KDC database. A remote, authenticated attacker could potentially use this flaw to execute arbitrary code on the system running kadmind...

dbus -- multiple vulnerabilities

Simon McVittie reports: Do not accept an extra fd in the padding of a cmsg message, which could lead to a 4-byte heap buffer overrun CVE-2014-3635. Reduce default for maximum Unix file descriptors passed per message from 1024 to 16, preventing a uid with the default maximum number of connections...

Fedora 19 : krb5-1.11.3-25.fc19 (2014-9305)

This update incorporates the upstream fix for a possible buffer overrun in kadmind when the LDAP kdb backend is in use CVE-2014-4345. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically...

MITKRB5-SA-2014-001 Buffer overrun in kadmind with LDAP backend

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 MITKRB5-SA-2014-001 MIT krb5 Security Advisory 2014-001 Original release: 2014-08-07 Last update: 2014-08-07 Topic: Buffer overrun in kadmind with LDAP backend CVSSv2 Vector: AV:N/AC:M/Au:S/C:C/I:C/A:C/E:POC/RL:OF/RC:C CVSSv2 Base Score: 8.5 Access...

openSUSE Security Update : openssl (openSUSE-SU-2014:1052-1)

This openssl update fixes the following security issues : - openssl 1.0.1i - Information leak in pretty printing functions CVE-2014-3508 - Crash with SRP ciphersuite in Server Hello message CVE-2014-5139 - Race condition in sslparseserverhellotlsext CVE-2014-3509 - Double Free when processing DTL...

openSUSE Security Update : krb5 / krb5-doc / krb5-mini (openSUSE-SU-2014:1043-1)

Thit MIT krb5 update fixes the following security issue : - buffer overrun in kadmind with LDAP backend bnc891082, CVE-2014-4345 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security Update...

SuSE 11.3 Security Update : krb5 (SAT Patch Number 9606)

This MIT krb5 update fixes a buffer overrun problem in kadmind : - buffer overrun in kadmind with LDAP back end MITKRB5-SA-2014-001 CVE-2014-4345 MIT krb5 Security Advisory 2014-001. bnc891082 - http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2014-0 01.txt %NASLMINLEVEL 70300 C Tenable Network...

Fedora 20 : krb5-1.11.5-11.fc20 (2014-9315)

This update incorporates the upstream fix for a possible buffer overrun in kadmind when the LDAP kdb backend is in use CVE-2014-4345. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically...

Debian Security Advisory DSA 2998-1 (openssl - security update)

Multiple vulnerabilities have been identified in OpenSSL, a Secure Sockets Layer toolkit, that may result in denial of service application crash, large memory consumption, information leak, protocol downgrade. Additionally, a buffer overrun affecting only applications explicitly set up for SRP ha...

Debian DSA-2998-1 : openssl - security update

Multiple vulnerabilities have been identified in OpenSSL, a Secure Sockets Layer toolkit, that may result in denial of service application crash, large memory consumption, information leak, protocol downgrade. Additionally, a buffer overrun affecting only applications explicitly set up for SRP ha...