5 matches found
libaacplus: Denial of Service
Background: libaacplus is an HE-AAC+ v2 library, based on the reference implementation. Description: Multiple vulnerabilities have been discovered in libaacplus. Please review the CVE identifiers referenced below for details. Impact: Please review the referenced CVE identifiers for details. Workarou...
Oracle JDK/JRE: Multiple vulnerabilities
Background: Java Platform, Standard Edition (Java SE) lets you develop and deploy Java applications on desktops and servers, as well as in today's demanding embedded environments. Java offers the rich user interface, performance, versatility, portability, and security that today's applications...
Logcheck: Root privilege escalation
Background: Logcheck mails anomalies in the system logfiles to the administrator. Description: The pkg_postinst phase of the Logcheck ebuilds recursively chowns the /etc/logcheck and /var/lib/logcheck directories. If the logcheck adds hardlinks to other files in these directories, the chown call will...
Mrxvt: Arbitrary Code Execution
Background: Mrxvt is a multi-tabbed rxvt clone with XFT, transparent background and CJK support. Description: Mrxvt mishandles certain escape sequences, some of which allow for shell command execution. Impact: An attacker with sufficient access to write arbitrary text to the Mrxvt terminal could...
BladeEnc: Buffer overflow
Background: BladeEnc is an mp3 encoder. Description: A crafted file could cause a buffer overflow in the iteration_loop function in BladeEnc. Impact: A remote attacker could entice a user to open a specially crafted file using BladeEnc, possibly resulting in execution of arbitrary code with the privileges...