SUSE SLES11 Security Update : libxml2 (SUSE-SU-2016:1604-1)
This update for libxml2 fixes the following security issues: - CVE-2016-2073, CVE-2015-8806, CVE-2016-1839: A Heap-buffer overread was fixed in libxml2/dict.c (bsc#963963, bsc#965283, bsc#981114). - CVE-2016-4483: Code was added to avoid an out of bound access when serializing malformed strings...
UBUNTU-CVE-2016-6835
The vmxnet_tx_pkt_parse_headers function in hw/net/vmxnet_tx_pkt.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (buffer over-read) by leveraging failure to check IP header length...
Qualcomm Innovation Center Android contributions for MSM denial of service vulnerability (CNVD-2016-06183)
Qualcomm Innovation Center (QuIC) Android contributions for MSM is a product for the MSM program to support users in building Qualcomm silicon products based on the Android platform and including other enhancements. The MSM QDSP6 audio driver (also known as sound driver) for the Linux kernel is an aud...
CVE-2016-2064
sound/soc/msm/qdsp6v2/msm-audio-effects-q6-v2.c in the MSM QDSP6 audio driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allows attackers to cause a denial of service (buffer over-read) or possibly have unspecified...
UBUNTU-CVE-2016-2064
sound/soc/msm/qdsp6v2/msm-audio-effects-q6-v2.c in the MSM QDSP6 audio driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allows attackers to cause a denial of service (buffer over-read) or possibly have unspecified...
openSUSE Security Update : mbedtls (openSUSE-2016-903)
This mbedtls update to version 1.3.17 fixes the following issues: Security issues fixed: - Fix missing padding length check in mbedtls_rsa_rsaes_pkcs1_v15_decrypt required by PKCS1 v2.2 - Fix a potential integer underflow to buffer overread in mbedtls_rsa_rsaes_oaep_decrypt. It is not triggerable remote...
UBUNTU-CVE-2016-6288
The php_url_parse_ex function in ext/standard/url.c in PHP before 5.5.38 allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via vectors involving the smart_str data type...
MGASA-2016-0257 Updated imagemagick packages fix security vulnerabilities
Updated imagemagick package fixes security vulnerabilities: The OpenBlob function in blob.c in ImageMagick allows remote attackers to execute arbitrary code via a | (pipe) character at the start of a filename (CVE-2016-5118). Integer overflow in MagickCore/profile.c (CVE-2016-5841). Buffer overread in...
Updated imagemagick packages fix security vulnerabilities
Updated imagemagick package fixes security vulnerabilities: The OpenBlob function in blob.c in ImageMagick allows remote attackers to execute arbitrary code via a | (pipe) character at the start of a filename (CVE-2016-5118). Integer overflow in MagickCore/profile.c (CVE-2016-5841). Buffer overread in...
DEBIAN-CVE-2015-8947
hb-ot-layout-gpos-table.hh in HarfBuzz before 1.0.5 allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via crafted data, a different vulnerability than CVE-2016-2052...
CVE-2016-2068
The MSM QDSP6 audio driver (aka sound driver) for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allows attackers to gain privileges or cause a denial of service (integer overflow, and buffer overflow or buffer over-read) via...
Vulnerability of PHP software, allowing a malicious actor to compromise the accessibility of protected information
The vulnerability exists in the scan function in ext/date/lib/parse_iso_intervals.c in PHP, due to an incorrect limitation on the creation of DateInterval objects. Exploiting this vulnerability allows malicious actors, operating remotely, to trigger a service failure reading beyond the buffer in...
The vulnerability of the Wireshark Network Protocol Analyzer software allows a remote attacker to compromise the accessibility of protected information.
The vulnerability in the get_quoted_string and get_unquoted_string functions in the CUPS dissector (epan/dissectors/packet-cups.c) in Wireshark allows malicious actors operating remotely to trigger a service failure—i.e., reading beyond the buffer and an emergency termination of the application—by usin...
Oracle Linux 6 / 7 : libxml2 (ELSA-2016-1292)
The remote Oracle Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2016-1292 advisory. - Heap-based buffer overread in xmlNextChar (CVE-2016-1762) - Bug 763071: Heap-buffer-overflow in xmlStrncat (CVE-2016-1834) - Bug 757711:...
OracleVM 3.3 / 3.4 : libxml2 (OVMSA-2016-0087)
The remote OracleVM system is missing necessary patches to address critical security updates: - Update doc/redhat.gif in tarball - Add libxml2-oracle-enterprise.patch and update logos in tarball - Heap-based buffer overread in xmlNextChar (CVE-2016-1762) - Bug 763071: Heap-buffer-overflow in...
libxml2: Heap-based buffer overread in htmlCurrentChar
The htmlCurrentChar function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted XML document...
libxml2: Heap-based buffer-overread in xmlNextChar
The xmlNextChar function in libxml2 before 2.9.4 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted XML document...
libxml2: Heap-based buffer overread in xmlDictAddString
The xmlDictAddString function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted XML document...
libxml2 security update
2.9.1-6.0.1.3 - Update doc/redhat.gif in tarball - Add libxml2-oracle-enterprise.patch and update logos in tarball libxml2-2.9.1-6.3 - Heap-based buffer overread in xmlNextChar (CVE-2016-1762) - Bug 763071: Heap-buffer-overflow in xmlStrncat (CVE-2016-1834) - Bug 757711: Heap-buffer-overflow in...
SUSE-SU-2016:1538-1 Security update for libxml2
This update for libxml2 fixes the following security issues: - CVE-2016-2073, CVE-2015-8806, CVE-2016-1839: A Heap-buffer overread was fixed in libxml2/dict.c (bsc#963963, bsc#965283, bsc#981114). - CVE-2016-4483: Code was added to avoid an out of bound access when serializing malformed strings...