[SECURITY] [DSA 3211-1] iceweasel security update
Debian Security Advisory DSA-3211-1, http://www.debian.org/security/, Salvatore Bonaccorso, April 01, 2015, http://www.debian.org/security/faq ...
Debian: Security Advisory (DSA-3212-1)
The remote host is missing an update for the Debian...
DSA-3211-1 iceweasel - security update
Bulletin has no description...
Use-after-free due to type confusion flaws — Mozilla
Security researcher Nils used the Address Sanitizer tool to discover two type confusion flaws. The first of these occurs while setting specific attributes of a source element resulting in incorrect object casting. The second flaw occurs when binding a source to a tree when the function fails to...
Debian DLA-184-1 : binutils security update
Multiple security issues have been found in binutils, a toolbox for binary file manipulation. These vulnerabilities include multiple memory safety errors, buffer overflows, use-after-frees and other implementation errors, which may lead to the execution of arbitrary code, the bypass of security...
Mandriva Linux Security Advisory : unzip (MDVSA-2015:123)
Updated unzip package fixes security vulnerabilities: The unzip command line tool is affected by heap-based buffer overflows within the CRC32 verification (CVE-2014-8139), the testcompreb (CVE-2014-8140) and the getZip64Data (CVE-2014-8141) functions. The input errors may result in arbitrary code...
[SECURITY] [DLA 184-1] binutils security update
Package : binutils Version : 2.20.1-16+deb6u1 CVE ID : CVE-2014-8484 CVE-2014-8485 CVE-2014-8501 CVE-2014-8502 CVE-2014-8503 CVE-2014-8504 CVE-2014-8737 CVE-2014-8738 Multiple security issues have been found in binutils, a toolbox for binary file manipulation. These vulnerabilities include multip...
DLA-184-1 binutils - security update
Bulletin has no description...
Adding Linux repository to Veeam hangs on volume discovery and fails silently
When connecting to a Linux repository with Veeam, the connection hangs on the volume discovery step and silently errors out...
[SECURITY] [DLA 178-1] tor security update
Package : tor Version : 0.2.4.26-1deb6u1 Several issues have been discovered and fixed in Tor, a connection-based low-latency anonymous communication system. o Jowr discovered that very high DNS query load on a relay could trigger an assertion error. o A relay could crash with an assertion error ...
Adobe Flash Player Multiple Vulnerabilities - 01 (Mar 2015) - Windows
Adobe Flash Player is prone to multiple vulnerabilities...
DEBIAN-CVE-2015-2206
libraries/selectlang.lib.php in phpMyAdmin 4.0.x before 4.0.10.9, 4.2.x before 4.2.13.2, and 4.3.x before 4.3.11.1 includes invalid language values in unknown-language error responses that contain a CSRF token and may be sent with HTTP compression, which makes it easier for remote attackers to...
Exploiting the DRAM rowhammer bug to gain kernel privileges
Rowhammer blog post draft Posted by Mark Seaborn, sandbox builder and breaker, with contributions by Thomas Dullien, reverse engineer This guest post continues Project Zero’s practice of promoting excellence in security research on the Project Zero blog Overview “Rowhammer” is a problem with some...
Phabricator: Server Side Request Forgery in macro creation
mongoose just getting it out of the way; Hi, I would like to report a Server Side Request Forgery (SSRF) [1] in the meme creation section of the phabricator software [2]. SSRF is a vulnerability allowing requests to be made from the context of the server. This could allow an attacker to gain access to...
Memory Corruption Vulnerability in Ashampoo Photo Commander's Handling of ICO Images
Ashampoo Photo Commander Free is a photo management software from Germany. Ashampoo Photo Commander handles ICO images with logical errors that allow attackers to exploit vulnerabilities to parse malformed programs and cause the application to crash...
Debian DSA-3179-1 : icedove - security update
Multiple security issues have been found in Icedove, Debian's version of the Mozilla Thunderbird mail and news client: Multiple memory safety errors and implementation errors may lead to the execution of arbitrary code or information disclosure...
[SECURITY] [DSA 3179-1] icedove security update
Debian Security Advisory DSA-3179-1, http://www.debian.org/security/, Moritz Muehlenhoff, March 03, 2015, http://www.debian.org/security/faq ...
Debian Security Advisory DSA 3179-1 (icedove - security update)
Multiple security issues have been found in Icedove, Debian...
Debian: Security Advisory (DSA-3179-1)
The remote host is missing an update for the Debian...
USN-2519-1 eglibc, glibc vulnerabilities
Arnaud Le Blanc discovered that the GNU C Library incorrectly handled file descriptors when resolving DNS queries under high load. This may cause a denial of service in other applications, or an information leak. This issue only affected Ubuntu 10.04 LTS, Ubuntu 12.04 LTS and Ubuntu 14.04 LTS...