
7640 matches found

OpenVAS
added 2014/12/22 12:0 a.m.; 24 views

Debian Security Advisory DSA 3111-1 (cpio - security update)

Michal Zalewski discovered an out of bounds write issue in cpio, a tool for creating and extracting cpio archive files. In the process of fixing that issue, the cpio developers found and fixed additional range checking and null pointer dereference issues. OpenVAS Vulnerability Test $Id:...

CVSS 5; AI score 6.5; EPSS 0.07093; Exploits 1; References 1

OSV
added 2014/12/22 12:0 a.m.; 15 views

DSA-3111-1 cpio - security update

Bulletin has no description...

CVSS 5; AI score 6.3; EPSS 0.07093; Exploits 1

OpenVAS
added 2014/12/21 12:0 a.m.; 23 views

Debian: Security Advisory (DSA-3111-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 5; AI score 6.5; EPSS 0.07093; Exploits 1; References 3

Tenable Nessus
added 2014/12/16 12:0 a.m.; 36 views

openSUSE Security Update : java-1_7_0-openjdk (openSUSE-SU-2014:1638-1)

This openjdk update fixes the following security and non security issues : - Upgrade to 2.4.8 bnc887530 - Changed back from gzipped tarball to xz - Changed the keyring file to add Andrew John Hughes that signed the icedtea package - Change ZERO to AARCH64 tarball - Removed patches : -...

CVSS 10; AI score 7.8; EPSS 0.10117; Exploits 2; References 43

Tenable Nessus
added 2014/12/15 12:0 a.m.; 38 views

Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2014-3103)

The remote Oracle Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2014-3103 advisory. - ALSA: control: Protect user controls against concurrent access Lars-Peter Clausen Orabug: 20192540 CVE-2014-4652 - target/rd: Refactor...

CVSS 6.9; AI score 6.9; EPSS 0.0585; Exploits 2; References 8

Tenable Nessus
added 2014/12/15 12:0 a.m.; 40 views

OracleVM 3.3 : rpm (OVMSA-2014-0083)

The remote OracleVM system is missing necessary patches to address critical security updates : - Fix race condition where unchecked data is exposed in the file system CVE-2013-64351163059 - Fix thinko in the non-root python byte-compilation fix - Byte-compile versioned python libdirs in non-roo...

CVSS 7.6; AI score 7.2; EPSS 0.07669; Exploits 0; References 2

Tenable Nessus
added 2014/12/15 12:0 a.m.; 10 views

Fedora 19 : xen-4.2.5-6.fc19 (2014-16017)

Excessive checking in compatibility mode hypercall argument translation, Insufficient bounding of 'REP MOVS' to MMIO emulated inside the hypervisor, fix segfaults and failures in xl migrate --debug Note that Tenable Network Security has extracted the preceding description block directly from the...

AI score 5.4; Exploits 0; References 2

Cvelist
added 2014/12/01 3:0 p.m.; 25 views

CVE-2014-8867

The acceleration support for the "REP MOVS" instruction in Xen 4.4.x, 3.2.x, and earlier lacks properly bounds checking for memory mapped I/O MMIO emulated in the hypervisor, which allows local HVM guests to cause a denial of service host crash via unspecified vectors...

AI score 5.9; EPSS 0.00465; Exploits 0; References 12

Tenable Nessus
added 2014/11/26 12:0 a.m.; 249 views

OracleVM 2.2 : openssl (OVMSA-2014-0007)

The remote OracleVM system is missing necessary patches to address critical security updates : - fix for CVE-2014-0224 - SSL/TLS MITM vulnerability - replace expired GlobalSign Root CA certificate in ca-bundle.crt - fix for CVE-2013-0169 - SSL/TLS CBC timing attack 907589 - fix for CVE-2013-0166 ...

CVSS 10; AI score 8; EPSS 0.95326; Exploits 34; References 20

OpenVAS
added 2014/11/20 12:0 a.m.; 29 views

Ruby < 2.1.3 'encodes' Function DoS Vulnerability - Windows

Ruby is prone to a denial of service DoS vulnerability. SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:ruby-lang:ruby";...

CVSS 5; AI score 8.7; EPSS 0.03861; Exploits 0; References 5

ArchLinux
added 2014/11/19 12:0 a.m.; 35 views

binutils: multiple issues

CVE-2014-8484 invalid read Invalid read flaw leads to denial of service while parsing specially crafted files in programs using libbfd. - CVE-2014-8485 out-of-bounds write Lack of range checking leading to controlled write in bfdelfsetupsections which results in denial of service or possible code...

CVSS 7.5; AI score 4.5; EPSS 0.07486; Exploits 7; References 11

ArchLinux
added 2014/11/19 12:0 a.m.; 43 views

arm-none-eabi-binutils: multiple issues

CVE-2014-8484 invalid read Invalid read flaw leads to denial of service while parsing specially crafted files in programs using libbfd. - CVE-2014-8485 out-of-bounds write Lack of range checking leading to controlled write in bfdelfsetupsections which results in denial of service or possible code...

CVSS 7.5; AI score 4.6; EPSS 0.07486; Exploits 7; References 11

n0where
added 2014/11/15 4:23 p.m.; 62 views

Host Based Intrusion Detection System: Samhain

The Samhain host-based intrusion detection system HIDS provides file integrity checking and log file monitoring/analysis, as well as rootkit detection, port monitoring, detection of rogue SUID executables, and hidden processes. samhain is a file and host integrity and intrusion alert system...

AI score 0.1; Exploits 0

seebug.org
added 2014/11/13 12:0 a.m.; 196 views

Binary File Descriptor Library (libbfd) - Out-of-Bounds Crash

No description provided by source. Many shell users, and certainly a lot of the people working in computer forensics or other fields of information security, have a habit of running /usr/bin/strings on binary files originating from the Internet. Their understanding is that the tool simply scans t...

CVSS 10; AI score 7.8; EPSS 0.64326; Exploits 16

Tenable Nessus
added 2014/10/31 12:0 a.m.; 50 views

Oracle Linux 5 / 6 : Unbreakable Enterprise kernel Security (ELSA-2014-3085)

The remote Oracle Linux 5 / 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2014-3085 advisory. - USB: whiteheat: Added bounds checking for bulk command response James Forshaw Orabug: 19849335 CVE-2014-3185 - HID: fix a couple of off-by-ones...

CVSS 6.9; AI score 6.7; EPSS 0.00764; Exploits 0; References 4

0day.today
added 2014/10/28 12:0 a.m.; 34 views

Binary File Descriptor Library (libbfd) - Out-of-Bounds Crash

Exploit for linux platform in category dos / poc Many shell users, and certainly a lot of the people working in computer forensics or other fields of information security, have a habit of running /usr/bin/strings on binary files originating from the Internet. Their understanding is that the tool...

AI score 7; EPSS 0.64326; Exploits 16

Slackware Linux
added 2014/10/20 10:50 p.m.; 37 views

[slackware-security] openssh

New openssh packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, and -current to fix a security issue. Here are the details from the Slackware 14.1 ChangeLog: patches/packages/openssh-6.7p1-i486-1slack14.1.txz: Upgraded. This update fixes a security issue that allows remote servers...

CVSS 6.5; AI score 6; EPSS 0.01988; Exploits 1

ThreatPost
added 2014/10/14 1:57 p.m.; 16 views

BlackBerry 10 Open to Bug That Allows Malicious App Installation

BlackBerry has patched a vulnerability in its BlackBerry 10 devices that could allow an attacker to intercept users’ traffic to and from the BlackBerry World app store and potentially install malware on a targeted device. The vulnerability is a weakness in the integrity checking system that...

AI score 3; Exploits 0; References 1

Tenable Nessus
added 2014/10/12 12:0 a.m.; 29 views

Amazon Linux AMI : openssl (ALAS-2011-4)

An uninitialized variable use flaw was found in OpenSSL. This flaw could cause an application using the OpenSSL Certificate Revocation List CRL checking functionality to incorrectly accept a CRL that has a nextUpdate date in the past. All OpenSSL users should upgrade to these updated packages,...

CVSS 5; AI score 7.2; EPSS 0.05012; Exploits 0; References 2

Tenable Nessus
added 2014/10/12 12:0 a.m.; 35 views

Amazon Linux AMI : python-simplejson (ALAS-2014-374)

It was reported that Python built-in json module have a flaw insufficient bounds checking, which allows a local user to read current process' arbitrary memory. Quoting the upstream bug report : 'The sole prerequisites of this attack are that the attacker is able to control or influence the two...

CVSS 5.9; AI score 7.3; EPSS 0.08125; Exploits 1; References 3