[SECURITY] Fedora 32 Update: dotnet5.0-5.0.103-1.fc32
.NET is a fast, lightweight and modular platform for creating cross platform applications that work on Linux, macOS and Windows. It particularly focuses on creating console applications, web applications and micro-services. .NET contains a runtime conforming to .NET Standards, a set of framework...
[SECURITY] Fedora 33 Update: dotnet3.1-3.1.108-1.fc33
.NET Core is a fast, lightweight and modular platform for creating cross platform applications that work on Linux, macOS and Windows. It particularly focuses on creating console applications, web applications and micro-services. .NET Core contains a runtime conforming to .NET Standards, a set of...
[SECURITY] Fedora 33 Update: dotnet3.1-3.1.107-1.fc33
.NET Core is a fast, lightweight and modular platform for creating cross platform applications that work on Linux, macOS and Windows. It particularly focuses on creating console applications, web applications and micro-services. .NET Core contains a runtime conforming to .NET Standards, a set of...
The vulnerability affects the implementation of the `Array.prototype.push` method in JIT-compilers of Firefox and Firefox ESR web browsers, allowing an attacker to execute arbitrary code.
The vulnerability of the Array.prototype.push method in JIT-compilers of Firefox and Firefox ESR browsers is related to insufficient validation of input data. Exploiting this vulnerability allows an attacker to execute arbitrary code remotely...
EulerOS Virtualization for ARM 64 3.0.2.0 : expat (EulerOS-SA-2019-1698)
According to the versions of the expat packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities : - The XML parser in Expat does not use sufficient entropy for hash initialization, which allows context-dependent attacke...
Trashing the Flow of Data
Posted by Stephen Röttger In this blog post I want to present crbug.com/944062, a vulnerability in Chrome’s JavaScript compiler TurboFan that was discovered independently by Samuel saelo@ via fuzzing with fuzzilli, and by myself via manual code auditing. The bug was found in beta and was fixed...
Microsoft Guidance for Speculative Store Bypass
Executive summary On January 3, 2018, Microsoft released an advisory and security updates related to a newly-discovered class of hardware vulnerabilities known as Spectre and Meltdown involving speculative execution side channels that affect AMD, ARM, and Intel CPUs to varying degrees. On May 21s...
KLA11253 Microsoft Advisory for Microsoft Windows
On January 3, 2018, Microsoft released an advisory and security updates related to a newly-discovered class of hardware vulnerabilities known as Spectre and Meltdown involving speculative execution side channels that affect AMD, ARM, and Intel CPUs to varying degrees. On May 21st, a new subclass ...
KLA11030 Speculative Store Bypass and Rogue System Register Read vulnerabilities in Microsoft Surface Products
On January 3, 2018, Microsoft released advisories and security updates related to a recently discovered class of hardware vulnerabilities known as Spectre and Meltdown that affect AMD, ARM, and Intel CPUs. On May 21, 2018, Intel announced the Rogue System Registry Read vulnerability. Also a new...
CentOS 7 : gcc (CESA-2018:0849)
An update for gcc is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE lin...
cpp, gcc, libasan, libatomic, libgcc, libgfortran, libgnat, libgo, libgomp, libitm, libmudflap, libobjc, libquadmath, libstdc++, libtsan security update
CentOS Errata and Security Advisory CESA-2018:0849 An update for gcc is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, i...
Oracle Linux 7 : gcc (ELSA-2018-0849)
The remote Oracle Linux 7 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2018-0849 advisory. - fix incorrect codegen from rdseed intrinsic use 1482762, CVE-2017-11671 Tenable has extracted the preceding description block directly from the Oracle Linux...
RHEL 7 : gcc (RHSA-2018:0849)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2018:0849 advisory. The gcc packages provide compilers for C, C++, Java, Fortran, Objective C, and Ada 95 GNU, as well as related support libraries. Security Fixes: gcc:...
Low: Red Hat Security Advisory: gcc security, bug fix, and enhancement update
An update for gcc is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE lin...
CVE-2017-17862
kernel/bpf/verifier.c in the Linux kernel through 4.14.8 ignores unreachable code, even though it would still be processed by JIT compilers. This behavior, also considered an improper branch-pruning logic issue, could possibly be used by local users for denial of service...
APKiD - Android Application Identifier for Packers, Protectors, Obfuscators and Oddities
APKiD gives you information about how an APK was made. It identifies many compilers, packers, obfuscators, and other weird stuff. It's PEiD for Android. For more information on what this tool can be used for, check out: Android Compiler Fingerprinting Detecting Pirated and Malicious Android Apps...
openssh: Bounds check can be evaded in the shared memory manager used by pre-authentication compression support
It was found that the boundary checks in the code implementing support for pre-authentication compression could have been optimized out by certain compilers. An attacker able to compromise the privilege-separated process could possibly use this flaw for further attacks against the privileged...
[SECURITY] Fedora 26 Update: ocaml-4.04.0-10.fc26
OCaml is a high-level, strongly-typed, functional and object-oriented programming language from the ML family of languages. This package comprises two batch compilers (a fast bytecode compiler and an optimizing native-code compiler), an interactive toplevel system, parsing tools (Lex, Yacc), a replay...
BSA-2017-334
Security Advisory ID : BSA-2017-334 Component : zlib Revision : 2.0: Interim An old inffast.c optimization turns out to not be optimal anymore with modern compilers, and furthermore was not compliant with the C standard, for which decrementing a pointer before its allocated memory is undefined. Affect...