4243 matches found
[SECURITY] [DLA 407-1] prosody security update
Package : prosody Version : 0.7.0-1squeeze1+deb6u2 CVE ID : CVE-2016-0756 The flaw allows a malicious server to impersonate the vulnerable domain to any XMPP domain whose domain name includes the attacker's domain as a suffix. For example, bber.example would be able to connect to jabber.example an...
Debian DSA-3453-1 : mariadb-10.0 - security update
Several issues have been discovered in the MariaDB database server. The vulnerabilities are addressed by upgrading MariaDB to the new upstream version 10.0.23. Please see the MariaDB 10.0 Release Notes for further details : - https://mariadb.com/kb/en/mariadb/mariadb-10023-release-notes/...
CVE-2016-1233
An unspecified udev rule in the Debian fuse package in jessie before 2.9.3-15+deb8u2, in stretch before 2.9.5-1, and in sid before 2.9.5-1 sets world-writable permissions for the /dev/cuse character device, which allows local users to gain privileges via a character device in /dev, related to an...
Design/Logic Flaw
An unspecified udev rule in the Debian fuse package in jessie before 2.9.3-15+deb8u2, in stretch before 2.9.5-1, and in sid before 2.9.5-1 sets world-writable permissions for the /dev/cuse character device, which allows local users to gain privileges via a character device in /dev, related to an...
CVE-2016-1233
CVE-2016-1233 describes a privilege escalation in the Debian fuse package: an unspecified udev rule makes the /dev/cuse device world-writable, enabling a local unprivileged user to create or interact with devices via ioctl and potentially modify memory of processes opening the device. Affected ar...
Debian DSA-3451-1 : fuse - security update
Jann Horn discovered a vulnerability in the fuse (Filesystem in Userspace) package in Debian. The fuse package ships a udev rule adjusting permissions on the related /dev/cuse character device, making it world writable. This permits a local, unprivileged attacker to create an arbitrarily-named...
Debian DLA-388-1 : dwarfutils security update
It was discovered that there was a NULL dereference in dwarfutils, a tool to dump DWARF debug information from ELF objects. For Debian 6 Squeeze, this issue has been fixed in dwarfutils version 20100214-1+deb6u1. NOTE: Tenable Network Security has extracted the preceding description block directly...
Debian Security Advisory DSA 3441-1 (perl - security update)
David Golden of MongoDB discovered that File::Spec::canonpath in Perl returned untainted strings even if passed tainted input. This defect undermines taint propagation, which is sometimes used to ensure that unvalidated user input does not reach sensitive code. The oldstable distribution wheezy i...
Gentoo Security Advisory GLSA 201512-11
Gentoo Linux Local Security Checks GLSA 201512-11 SPDX-FileCopyrightText: 2015 Eero Volotinen Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-or-later ifdescription...
Debian DLA-360-1 : linux-2.6 security update
This update fixes the CVEs described below. CVE-2013-7446: Dmitry Vyukov discovered that a particular sequence of valid operations on local (AF_UNIX) sockets can result in a use-after-free. This may be used to cause a denial of service (crash) or possibly for privilege escalation. CVE-2015-7799...
0d1n - Tool For Automating Customized Attacks Against Web Applications
Web security tool to make fuzzing at HTTP inputs, made in C with libCurl. You can do: brute force passwords in auth forms; directory disclosure (use PATH list to brute, and find HTTP status code); test list on input to find SQL Injection and XSS vulnerabilities. To run: require libcurl-dev or...
Updated gcc packages fix security vulnerability
It was discovered that the std::random_device class in libstdc++ would not properly detect short reads and could return predictable values if applications used it to obtain randomness from a blocking source such as /dev/random. CVE-2015-5276...
CVE-2011-1477
Multiple array index errors in sound/oss/opl3.c in the Linux kernel before 2.6.39 allow local users to cause a denial of service (heap memory corruption) or possibly gain privileges by leveraging write access to /dev/sequencer...
Mac OS X < 10.11 Multiple Vulnerabilities
Apple iOS < 9.0 Multiple Vulnerabilities
Gentoo Security Advisory GLSA 201405-10
Gentoo Linux Local Security Checks GLSA 201405-10 SPDX-FileCopyrightText: 2015 Eero Volotinen Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-or-later ifdescription...
CVE-2015-5876
dyld in Dev Tools in Apple iOS before 9 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app...
Memory corruption
dyld in Dev Tools in Apple iOS before 9 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app...