MGASA-2019-0329 Updated libjpeg packages fix security vulnerability
The updated packages fix a security vulnerability: Several integer overflow issues and subsequent segfaults occur in libjpeg-turbo when attempting to compress or decompress gigapixel images. CVE-2019-2201...
Debian DLA-1985-1 : djvulibre security update
It was discovered that there was a NULL pointer dereference issue in the IW44 encoder/decoder within DjVu, a set of compression technologies for high-resolution ssues. For Debian 8 'Jessie', this issue has been fixed in djvulibre version 3.5.25.4-4+deb8u2. We recommend that you upgrade your...
Debian: Security Advisory (DLA-1985-1)
The remote host is missing an update for the Debian...
EulerOS 2.0 SP3 : spice-gtk (EulerOS-SA-2019-2266)
According to the version of the spice-gtk packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - Multiple integer overflow and buffer overflow issues were discovered in spice-client's handling of LZ compressed frames. A malicious server coul...
Security Bulletin: A vulnerability in Apache Ant affects IBM InfoSphere Information Server
Summary A vulnerability in Apache Ant was addressed by IBM InfoSphere Information Server. Vulnerability Details CVEID: CVE-2012-2098 DESCRIPTION: Apache Commons Compress and Apache Ant are vulnerable to a denial of service, caused by an error when using bzip2 compression to compress files. By...
CVE-2018-4002
An exploitable denial-of-service vulnerability exists in the mdnscap binary of the CUJO Smart Firewall running firmware 7003. When parsing labels in mDNS packets, the firewall unsafely handles label compression pointers, leading to an uncontrolled recursion that eventually exhausts the stack,...
Denial of service
An exploitable denial-of-service vulnerability exists in the mdnscap binary of the CUJO Smart Firewall running firmware 7003. When parsing labels in mDNS packets, the firewall unsafely handles label compression pointers, leading to an uncontrolled recursion that eventually exhausts the stack,...
CVE-2018-4002
The CVE-2018-4002 issue affects CUJO Smart Firewall (firmware 7003) mdnscap, where mdnscap’s mDNS label parsing mishandles compression pointers, creating an uncontrolled recursion that exhausts the call stack and crashes the mdnscap process. An unauthenticated remote attacker can send specially c...
PT-2019-10742 · Cujo · Cujo Smart Firewall
Name of the Vulnerable Software and Affected Versions: CUJO Smart Firewall version 7003 Description: A denial-of-service issue exists due to unsafe handling of label compression pointers in mDNS packets by the mdnscap binary, leading to uncontrolled recursion and eventual stack exhaustion, causin...
SUSE-SU-2019:2668-1 Security update for sudo
This update for sudo provides the following fix: Security issue fixed: - CVE-2019-14287: Fixed an issue where a user with sudo privileges that allowed them to run commands with an arbitrary uid, could run commands as root, despite being forbidden to do so in sudoers (bsc#1153674). Other issues fixed...
ALPINE-CVE-2019-17543
LZ4 before 1.9.2 has a heap-based buffer overflow in LZ4_write32 (related to LZ4_compress_destSize), affecting applications that call LZ4_compress_fast with a large input. This issue can also lead to data corruption. NOTE: the vendor states "only a few specific / uncommon usages of the API are at risk."...
UBUNTU-CVE-2019-17543
LZ4 before 1.9.2 has a heap-based buffer overflow in LZ4_write32 (related to LZ4_compress_destSize), affecting applications that call LZ4_compress_fast with a large input. This issue can also lead to data corruption. NOTE: the vendor states "only a few specific / uncommon usages of the API are at risk."...
LZ4 Buffer Overflow Vulnerability
LZ4 is a lossless compression algorithm. A buffer overflow vulnerability exists in the 'LZ4_write32' function in versions of LZ4 prior to 1.9.2, which originates when a networked system or product performs an operation in memory without properly validating the data boundaries, resulting in an...
XNU - Remote Double-Free via Data Race in IPComp Input Path
XNU - Remote Double-Free via Data Race in IPComp Input Path === Summary === This report describes a bug in the XNU implementation of the IPComp protocol (https://tools.ietf.org/html/rfc3173). This bug can be remotely triggered by an attacker who is able to send traffic to a macOS system (iOS AFAIK...
IrfanView User Mode Write Access Conflict Vulnerability (CNVD-2019-36935)
IrfanView is an image viewer by Irfan Skiljan, a software developer in Bosnia and Herzegovina, that supports image browsing, image editing, image format conversion and more. IrfanView 4.53 suffers from a user-mode write access conflict vulnerability. An attacker can exploit this vulnerability to read...
XNU - Remote Double-Free via Data Race in IPComp Input Path Exploit
=== Summary === This report describes a bug in the XNU implementation of the IPComp protocol (https://tools.ietf.org/html/rfc3173). This bug can be remotely triggered by an attacker who is able to send traffic to a macOS system (iOS AFAIK isn't affected) over two network interfaces at the same time...
openSUSE: Security Advisory for links (openSUSE-SU-2019:2185-1)
The remote host is missing an update for the...
openSUSE Security Update : links (openSUSE-2019-2185)
This update for links fixes the following issues : links was updated to 2.20.1 : - libevent bug fixes links was updated to 2.20 : - Security bug fixed: when links was connected to tor, it would send real dns requests outside the tor network when the displayed page contains link elements with...