SUSE SLED12 / SLES12 Security Update : glibc (SUSE-SU-2018:0074-1)

This update for glibc fixes the following issues : - A privilege escalation bug in the realpath function has been fixed. CVE-2018-1000001, bsc1074293 - A memory leak and a buffer overflow in the dynamic ELF loader has been fixed. CVE-2017-1000408, CVE-2017-1000409, bsc1071319 - An issue in the co...

SUSE-SU-2018:0074-1 Security update for glibc

This update for glibc fixes the following issues: - A privilege escalation bug in the realpath function has been fixed. CVE-2018-1000001, bsc1074293 - A memory leak and a buffer overflow in the dynamic ELF loader has been fixed. CVE-2017-1000408, CVE-2017-1000409, bsc1071319 - An issue in the cod...

Error 0x7B INACCESSIBLE_BOOT_DEVICE after installing PVS server on a Cisco UCS Server

After installing PVS Server software, or upgrading from a previous version, the first time the server reboots it will not be able to boot successfully anyomre. The server might present a Blue Screen with Error Code 0x7BINACCESSIBLEBOOTDEVICE...

WEM 4.3 - Intermittent crashes of Norskale Broker Service.exe on WEM Broker

Norskale Broker Service.exe on WEM Broker randomly crashes on all WEM Brokers present. Crash dump analysis of this service shows the following: PROCESSNAME: Norskale Broker Service.exe ERRORCODE: NTSTATUS 0xc0000374 - A heap has been corrupted. EXCEPTIONCODE: NTSTATUS 0xc0000374 - A heap has been...

CVE-2017-15244

IrfanView version 4.44 32bit with PDF plugin version 4.43 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .pdf file, related to an "Error Code 0xe06d7363 starting at wow64!Wow64NotifyDebugger+0x000000000000001d."...

Design/Logic Flaw

IrfanView version 4.44 32bit with PDF plugin version 4.43 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .pdf file, related to an "Error Code 0xe06d7363 starting at wow64!Wow64NotifyDebugger+0x000000000000001d."...

CVE-2017-15244

IrfanView version 4.44 32bit with PDF plugin version 4.43 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .pdf file, related to an "Error Code 0xe06d7363 starting at wow64!Wow64NotifyDebugger+0x000000000000001d."...

CVE-2017-14562

STDU Viewer 1.6.375 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .xps file, related to an "Error Code 0xe06d7363 starting at wow64!Wow64NotifyDebugger+0x000000000000001d."...

Design/Logic Flaw

STDU Viewer 1.6.375 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .epub file, related to an "Error Code 0xe06d7363 starting at wow64!Wow64NotifyDebugger+0x000000000000001d."...

Design/Logic Flaw

STDU Viewer 1.6.375 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .xps file, related to an "Error Code 0xe06d7363 starting at wow64!Wow64NotifyDebugger+0x000000000000001d."...

CVE-2017-14546

STDU Viewer 1.6.375 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .epub file, related to an "Error Code 0xe06d7363 starting at wow64!Wow64NotifyDebugger+0x000000000000001d."...

CVE-2017-14562

STDU Viewer 1.6.375 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .xps file, related to an "Error Code 0xe06d7363 starting at wow64!Wow64NotifyDebugger+0x000000000000001d."...

Updated 389-ds-base packages fix security vulnerability

The directory server password lockout policy prevents binds from operating once a threshold of failed passwords has been met. During this lockout, if you bind with a successful password, a different error code is returned. This means that an attacker has no ratelimit or penalty during an account...

MGASA-2017-0340 Updated 389-ds-base packages fix security vulnerability

The directory server password lockout policy prevents binds from operating once a threshold of failed passwords has been met. During this lockout, if you bind with a successful password, a different error code is returned. This means that an attacker has no ratelimit or penalty during an account...

Android Secure Mail Error "THE VPN SERVICE HAS FAILED TO CONNECT"

Secure Mail users receive an error : The VPN service has failed to connect. In the Secure mail logs we find : "2017-03-21T15:30:42.260+0800","MDX-ErrorCodes","WARNING 3","ErrorCodes = 507 507 = Vpn "2017-03-21T15:30:43.946+0800","MDX-ErrorCodes","WARNING 3","ErrorCodes = 602 602 = VpnFailedOption...

SUSE-SU-2017:2264-1 Security update for libzypp

The Software Update Stack was updated to receive fixes and enhancements. libzypp: - CVE-2017-7435, CVE-2017-7436, CVE-2017-9269: Fix GPG check workflows, mainly for unsigned repositories and packages. bsc1045735, bsc1038984 - Fix gpg-pubkey release creation time computation. bsc1036659 - Update...

Security update for libzypp, zypper (important)

The Software Update Stack was updated to receive fixes and enhancements. libzypp: Security issues fixed: - CVE-2017-7435, CVE-2017-7436, CVE-2017-9269: Fix GPG check workflows, mainly for unsigned repositories and packages. bsc1045735, bsc1038984 Bug fixes: - Re-probe on refresh if the repository...

SUSE SLES11 Security Update : apache2 (SUSE-SU-2017:1997-1)

This update provides apache2 2.2.34, which brings many fixes and enhancements: Security issues fixed : - CVE-2017-9788: Uninitialized memory reflection in modauthdigest. bsc1048576 Bug fixes : - Remove /usr/bin/http2 link only during package uninstall, not upgrade. bsc1041830 - Don't put the...

SUSE-SU-2017:1997-1 Security update for apache2

This update provides apache2 2.2.34, which brings many fixes and enhancements: Security issues fixed: - CVE-2017-9788: Uninitialized memory reflection in modauthdigest. bsc1048576 Bug fixes: - Remove /usr/bin/http2 link only during package uninstall, not upgrade. bsc1041830 - Don't put the backen...

Legal Robot: User enumeration

A security researcher discovered that an unrelated upgrade in our authentication process caused a potential user enumeration vulnerability. The vulnerability was mitigated by existing rate limiting processes, but an attacker could determine which users already had an account based on the error co...