12 matches found
GitLab Security Vulnerability
GitLab is an end-to-end software development platform provided by the American company GitLab. It includes built-in features such as version control, issue tracking, code review, and CI/CD continuous integration and delivery. Vulnerabilities exist in versions of GitLab CE/EE 16.7 to 18.9.7, 18.10...
Exploit for Double Free in Xhttp_Project Xhttp
CVE-2023-38434 xHTTP commit 72f812d and below suffers from a...
java-17-openjdk security, bug fix, and enhancement update
1:17.0.4.0.8-0.2.ea - Revert the following changes until copy-java-configs has adapted to relative symlinks: - Move cacerts replacement to install section and retain original of this and tzdb.dat - Run tests on the installed image, rather than the build image - Introduce variables to refer to the...
Part II: Returning to Adobe Reader symbols on macOS
Posted by Mateusz Jurczyk, Project Zero In a blog post titled "The story of Adobe Reader symbols" published in October 2019, I presented an analysis of the debug symbols shipped with some older versions of Adobe Reader for Unix-family systems released between 1997-2013. Such symbols can prove...
The story of Adobe Reader symbols
Posted by Mateusz Jurczyk, Project Zero Modern day security analysis of client applications is often hindered by the inaccessibility of their source code and other aids such as debug symbols. As a result, it is necessary to perform completely black-box reverse engineering of the software, in orde...
java-1.7.0-openjdk security update
1:1.7.0.211-2.6.17.1.0.1 - Update DISTRONAME in specfile 1:1.7.0.211-2.6.17.1 - Produce debug symbols for libpulse-java.so - Set ITCFLAGS=-g so that debug symbols for the pulse audio - native library are being produced. This is needed to fix - rpmdiff errors of missing .debuginfo in...
java-1.7.0-openjdk security update
1:1.7.0.211-2.6.17.1.0.1 - Update DISTRONAME in specfile 1:1.7.0.211-2.6.17.1 - Produce debug symbols for libpulse-java.so - Set ITCFLAGS=-g so that debug symbols for the pulse audio - native library are being produced. This is needed to fix - rpmdiff errors of missing .debuginfo in...
Microsoft Windows - Kernel ATMFD.dll NamedEscape 0x250C Pool Corruption (MS16-074)
Exploit for windows platform in category dos / poc Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=785 The Adobe Type Manager Font Driver ATMFD.DLL responsible for handling PostScript and OpenType fonts in the Windows kernel provides a channel of communication with user-mode...
Microsoft Windows Kernel - 'ATMFD.dll' NamedEscape 0x250C Pool Corruption (MS16-074)
Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=785 The Adobe Type Manager Font Driver ATMFD.DLL responsible for handling PostScript and OpenType fonts in the Windows kernel provides a channel of communication with user-mode applications via an undocumented gdi32!NamedEscape API...
Microsoft Windows Kernel - ATMFD.dll NamedEscape 0x250C Pool Corruption (MS16-074)
Microsoft Windows Kernel - ATMFD.dll NamedEscape 0x250C Pool Corruption MS16-074 Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=785 The Adobe Type Manager Font Driver ATMFD.DLL responsible for handling PostScript and OpenType fonts in the Windows kernel provides a channel of...
On the use of Adobe 0day – CVE-2014-0502 attack behavior analysis-vulnerability warning-the black bar safety net
The other day FireEye released a report on attacks using a new Adobe Flash 0day, and Adobe has released a security update for the vulnerability. According to the FireEye report, many sites will redirect visitors to the following malicious server containing a Trojan: Peterson Institute for...
libtiff security update
3.5.7-31.el3 - Fix some additional LZW decoding vulnerabilities back-port from tiff-3.6.1 Resolves: 458810 - Force debug symbols to be generated by adding GCOPTS=-g; the test used by this old configure script is too easily confused 3.5.7-25.el3.5 - Fix LZW decoding vulnerabilities CVE-2008-2327...