DSA-2977-1 libav - security update
Bulletin has no description...
Debian: Security Advisory (DSA-2977-1)
The remote host is missing an update for the Debian...
[SECURITY] Fedora 20 Update: lzo-2.08-1.fc20
LZO is a portable lossless data compression library written in ANSI C. It offers pretty fast compression and very fast decompression. Decompression requires no memory. In addition there are slower compression levels achieving a quite competitive compression ratio while still decompressing at this...
Microsoft HTML Help <= 6.1 Stack Overflow
No description provided by source. Source: http://aluigi.org/adv/chm1-adv.txt Luigi Auriemma Application: Microsoft HTML Help http://www.microsoft.com Versions: <= 6.1 Platforms: Windows any version included the latest Windows 7 Bug: stack overflow Date: 12 Apr 2011 found 20 Feb 2011 Author: Luigi...
wu-ftpd 2.4.2/2.5.0/2.6.0/2.6.1/2.6.2 - FTP Conversion Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/2240/info Some FTP servers provide a conversion service that pipes a requested file through a program, for example a decompression utility such as tar, before it is passed to the remote user. Under some configurations whe...
Dart ZipLite Compression 1.8.5.3 DartZipLite.DLL ActiveX Control Buffer Overflow Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/24099/info The Dart ZipLite Compression ActiveX control is prone to a buffer-overflow vulnerability because the application fails to bounds-check user-supplied data before copying it into an insufficiently sized buffer...
Zlib 1.1.4 Compression Library gzprintf() Buffer Overrun Vulnerability (1)
No description provided by source. source: http://www.securityfocus.com/bid/6913/info A buffer-overrun vulnerability has been reported in the Zlib compression library. Due to the use of 'vsprintf' by an internal Zlib function, an attacker can cause memory to become corrupted. This buffer overrun...
Olive File Manager 1.0.1 iOS - Multiple Vulnerabilities
No description provided by source. Title: ====== Olive File Manager v1.0.1 iOS - Multiple Vulnerabilities Date: ===== 2013-07-13 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=1009 VL-ID: ===== 1009 Common Vulnerability Scoring System:...
Man Utility 2.3.19 Local Compression Program Privilege Elevation Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/8675/info A vulnerability has been reported in man that may allow an attacker to gain elevated privileges. The problem lies in man failing to carry out sufficient sanity checks before executing a user-defined compression...
RARLAB WinRAR 3.x LHA Filename Handling Buffer Overflow Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/19043/info WinRAR is susceptible to a remote buffer-overflow vulnerability because it fails to properly bounds-check user-supplied input before copying it to an insufficiently sized memory buffer. This vulnerability allow...
20-Year Old Vulnerability Patched in Compression Algorithm
A 20-year old vulnerability in the Lempel-Ziv-Oberhumer LZO compression algorithm – used in some Android phones, the Linux kernel, and even Mars Rovers – was finally patched this week. Code stemming from the algorithm’s library function has existed in the wild for two decades, but was recycled ov...
20-Year Old Vulnerability in LZO Compression Algorithm Went to Planet Mars
A 20 year old critical subtle integer overflow vulnerability has been discovered in Lempel-Ziv-Oberhumer LZO, an extremely efficient data compression algorithm that focuses on decompression speed, which is almost five times faster than zlib and bzip compression algorithms. Lempel-Ziv-Oberhumer LZ...
mencoder -- potential buffer overrun when processing malicious lzo compressed input
Michael Niedermayer and Luca Barbato report in upstream ffmpeg: avutil/lzo: Fix integer overflow...
Uzbey: Breach Attack Vulnerability
Breach Attack Vulnerability Respected Sir/Madam I Hope You Cooperate With Me Cause It's Not Easy To Find Vulnerability On Your Official Website. Vulnerability description This web application is potentially vulnerable to the BREACH attack. An attacker with the ability to: Inject partial chosen...
openssl security update
Package: openssl Version: 0.9.8o-4squeeze16 CVE ID: CVE-2014-0224 CVE-2012-4929 CVE-2014-0224 This update updates the upstream fix for CVE-2014-0224 to address problems with renegotiation under some conditions. original text: KIKUCHI Masashi discovered that carefully crafted handshakes can force...
DLA-0008-1 openssl - security update
Bulletin has no description...
openSUSE Security Update : samba (openSUSE-SU-2013:1921-1)
- Update to 4.1.3. + DCE-RPC fragment length field is incorrectly checked; CVE-2013-4408; bnc#844720. + pam_winbind login without require_membership_of restrictions; CVE-2012-6150; bnc#853347. - Make use of the full gpg pub key file name including the key ID. - Add transparent file compression...
openSUSE Security Update : libvorbis (openSUSE-2012-141)
Specially crafted ogg files could cause a heap-based buffer overflow in the vorbis audio compression library that could potentially be exploited by attackers to cause a crash or execute arbitrary code.
openSUSE Security Update : openssl (openSUSE-SU-2013:1630-1)
This update disables compression in openssl by default, as the varying sizes resulting from compression can be used to retrieve plaintext in various cases (CRIME attack, CVE-2012-4929). This update introduces an environment variable OPENSSL_NO_DEFAULT_ZLIB which can be set to 'no' to reenable compressi...