11185 matches found
The vulnerability of the Media Framework component of the Android operating system, which allows a hacker to trigger a service failure
The vulnerability of the Media Framework component in the Android operating system is related to resource management errors. Exploiting this vulnerability can allow a malicious actor to cause service failures remotely...
Debian DLA-1153-1 : icedove/thunderbird security update
Multiple security issues have been found in the Mozilla Thunderbird mail client: Multiple memory safety errors, buffer overflows and other implementation errors may lead to crashes or the execution of arbitrary code. With this update the source package name changes from icedove to thunderbird so...
[SECURITY] [DLA 1153-1] icedove/thunderbird security update
Package : thunderbird Version : 1:52.4.0-1deb7u1 CVE ID : CVE-2017-7793 CVE-2017-7805 CVE-2017-7810 CVE-2017-7814 CVE-2017-7818 CVE-2017-7819 CVE-2017-7823 CVE-2017-7824 CVE-2017-7825 Multiple security issues have been found in the Mozilla Thunderbird mail client: Multiple memory safety errors,...
Google to Ditch Public Key Pinning in Chrome
Google said that in an upcoming version of Chrome it will deprecate the browser’s support for HTTP public key pinning. Instead, it will adopt the “safer”, more flexible solution of Expect-CT headers. HTTP public key pinning (HPKP) is a browser security measure that protects against an SSL certificat...
The vulnerability of the PostscriptDelegateMessage function (coders/ps.c) in the console-based image editing tool ImageMagick allows a hacker to compromise the confidentiality, integrity, and availability of the protected information.
The vulnerability of the PostscriptDelegateMessage function (coders/ps.c) in the console-based image editing tool ImageMagick is related to pointer assignment errors. Exploiting this vulnerability could allow an attacker to compromise the confidentiality, integrity, and availability of the protect...
Update Rollup 4 for System Center 2016 Virtual Machine Manager
Update Rollup 4 for System Center 2016 Virtual Machine Manager Introduction This article describes the issues that are fixed in Update Rollup 4 for Microsoft System Center 2016 Virtual Machine Manager. There are three updates that are available for Virtual Machine Manager, one for the Virtual...
SUSE-SU-2017:2831-1 Security update for curl
This update for curl fixes the following issues: Security issues fixed: - CVE-2017-1000254: FTP PWD response parser out of bounds read bsc1061876 - CVE-2017-1000257: IMAP FETCH response out of bounds read bsc1063824 Bugs fixed: - Fixed error 'error:1408F10B:SSL routines' when connecting to ftps v...
The vulnerability of the Microsoft Windows Search component on Windows operating systems allows a perpetrator to execute arbitrary code or obtain confidential system information.
The vulnerability of the Microsoft Windows Search component in Windows operating systems is related to errors in processing objects in memory. Exploiting this vulnerability can allow a malicious actor to execute arbitrary code or obtain confidential system information through the SMB connection...
openSUSE Security Update : cacti and cacti-spine (openSUSE-2017-1173)
This update for cacti and cacti-spine fixes the following issues : Build version 1.1.26 - issue841: --input-fields variable not working with addgraphs.php cli - issue986: Resolve minor appearance problem on Modern theme - issue989: Resolve issue with data input method commands losing spaces on...
FreeBSD : krb5 -- Multiple vulnerabilities (3f3837cc-48fb-4414-aa46-5b1c23c9feae)
MIT reports : CVE-2017-11368 : In MIT krb5 1.7 and later, an authenticated attacker can cause an assertion failure in krb5kdc by sending an invalid S4U2Self or S4U2Proxy request. CVE-2017-11462 : RFC 2744 permits a GSS-API implementation to delete an existing security context on a second or...
wpa_supplicant security update
1:0.7.3-9.2 - Fix backport errors CVE-2017-13077, CVE-2017-13080 1:0.7.3-9.1 - avoid key reinstallation CVE-2017-13077, CVE-2017-13078, CVE-2017-13079, CVE-2017-13080, CVE-2017-13081, CVE-2017-13082...
MGASA-2017-0366 Updated x11-server packages fix security vulnerabilities
In Xext/shm, the shmseg resource id can belong to a non-existing client and abort X server with FatalError "client not in use", or overwrite existing segment of another existing client CVE-2017-13721. Generating strings for XKB data used a single shared static buffer, which offered several...
Debian DLA-1127-1 : sam2p security update
Several vulnerabilities, like heap-based buffer overflows, integer signedness or overflow errors have been found by fpbibi and have been fixed by upstream. For Debian 7 'Wheezy', these problems have been fixed in version 0.49.1-1+deb7u1. We recommend that you upgrade your sam2p packages. NOTE:...
Mozilla Firefox ESR Security Advisories (MFSA2017-21, MFSA2017-22) - Mac OS X
Mozilla Firefox ESR is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:mozilla:firefoxesr";...
Amazon Linux AMI : nagios (ALAS-2017-899)
Multiple off-by-one errors in Nagios Core 3.5.1, 4.0.2, and earlier, and Icinga before 1.8.5, 1.9 before 1.9.4, and 1.10 before 1.10.2 allow remote authenticated users to obtain sensitive information from process memory or cause a denial of service crash via a long string in the last key value in...
CVE-2017-14955
CheckMK before 1.2.8p26 mishandles certain errors within the failed-login save feature because of a race condition, which allows remote attackers to obtain sensitive user information by reading a GUI crash report...
Debian DLA-1118-1 : firefox-esr security update
Several security issues have been found in the Mozilla Firefox web browser: Multiple memory safety errors, use-after-frees, buffer overflows and other implementation errors may lead to the execution of arbitrary code, denial of service, cross-site scripting or bypass of the phishing and malware...
[SECURITY] [DLA 1118-1] firefox-esr security update
Package : firefox-esr Version : 52.4.0esr-2deb7u1 CVE ID : CVE-2017-7793 CVE-2017-7805 CVE-2017-7810 CVE-2017-7814 CVE-2017-7818 CVE-2017-7819 CVE-2017-7823 CVE-2017-7824 Several security issues have been found in the Mozilla Firefox web browser: Multiple memory safety errors, use-after-frees,...
[SECURITY] [DSA 3987-1] firefox-esr security update
Debian Security Advisory DSA-3987-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff September 29, 2017 https://www.debian.org/security/faq -...
The vulnerability of the IBM Tivoli Endpoint Manager automation tool, which is part of the BigFix IT equipment management platform, allows a hacker to trigger an emergency shutdown of the system.
The vulnerability of the IBM Tivoli Endpoint Manager automation tool, a unified management platform for IT equipment, is related to resource management errors. Exploiting this vulnerability could allow a malicious actor to trigger an emergency shutdown of the system resulting in memory resource...