Lucene search

4132 matches found

RedHat Linux
added 2018/03/12 8:43 p.m. | 80 views

Important: Red Hat Security Advisory: bind security update

An update for bind is now available for Red Hat Enterprise Linux 6.4 Advanced Update Support, Red Hat Enterprise Linux 6.5 Advanced Update Support, Red Hat Enterprise Linux 6.6 Advanced Update Support, Red Hat Enterprise Linux 6.6 Telco Extended Update Support, and Red Hat Enterprise Linux 6.7...

CVSS 7.5 | AI score 6.8 | EPSS 0.0799
Exploits 0 | References 2
RedHat Linux
added 2018/03/12 7:25 p.m. | 1 view

bind: Improper fetch cleanup sequencing in the resolver can cause named to crash

A use-after-free flaw leading to denial of service was found in the way BIND internally handled cleanup operations on upstream recursion fetch contexts. A remote attacker could potentially use this flaw to make named, acting as a DNSSEC validating resolver, exit unexpectedly with an assertion...

CVSS 7.5 | AI score 6.8 | EPSS 0.0799
Exploits 0 | References 5
ALT Linux
added 2018/03/10 12:0 a.m. | 33 views

Security fix for the ALT Linux 10 package firefox-esr version 52.7.0-alt1

March 10, 2018 Andrey Cherepanov 52.7.0-alt1 - New ESR version 52.7.0. - Fixes: + CVE-2018-5127 Buffer overflow manipulating SVG animatedPathSegList + CVE-2018-5129 Out-of-bounds write with malformed IPC messages + CVE-2018-5130 Mismatched RTP payload type can trigger memory corruption +...

CVSS 7.5 | AI score 10.1 | EPSS 0.20177
Exploits 3
Kitploit
added 2018/02/24 1:6 p.m. | 77 views

meg - Fetch Many Paths For Many Hosts (Without Killing The Hosts)

meg is a tool for fetching lots of URLs but still being 'nice' to servers. It can be used to fetch many paths for many hosts; fetching one path for all hosts before moving on to the next path and repeating. You get lots of results quickly, but none of the individual hosts get flooded with traffic...

AI score 7
Exploits 0 | References 3
seebug.org
added 2018/02/24 12:0 a.m. | 55 views

Windows Kernel double fetches in win32kfull!xxxImeWindowPosChanged and win32kfull!InternalRebuildHwndListForIMEClass (CVE-2018-0809)

We have noticed the following code in the win32kfull!xxxImeWindowPosChanged function on Windows 10 version 1709 32-bit listing from the IDA Pro disassembler: .text:000485A4 ; try // except at locF3502 .text:000485A4 mov ebp+msexc.registration.TryLevel, 0 .text:000485AB mov eax, ecx .text:000485AD...

AI score 6.8 | EPSS 0.01133
Exploits 1
CNVD
added 2018/02/08 12:0 a.m. | 1 view

ZZIPlib Denial of Service Vulnerability (CNVD-2018-05513)

ZZIPlib is a set of lightweight file compression tools. A security vulnerability exists in the '__zzip_fetch_disk_trailer' function of the zzip/zip.c file in ZZIPlib version 0.13.67. A remote attacker can exploit this vulnerability to cause a denial of service with a specially crafted zip file...

CVSS 6.5 | AI score 6.8 | EPSS 0.00442
Exploits 1 | References 1
Mageia
added 2018/02/06 3:35 p.m. | 25 views

Updated php-smarty packages fix security vulnerability

Smarty 3 before 3.1.32 is vulnerable to a PHP code injection when calling fetch or display functions on custom resources that do not sanitize the template name (CVE-2017-1000480)...

CVSS 9.8 | AI score 1.4 | EPSS 0.00636
Exploits 0 | References 1
CVE
added 2018/02/01 9:0 p.m. | 73 views

CVE-2017-3160

CVE-2017-3160 affects Apache Cordova for Android, where on first add/build the Gradle tool is downloaded via an HTTP (not HTTPS) URI by default. This enables a man-in-the-middle (MiTM) attack that can tamper with the Gradle distribution, since the downloaded Gradle executable is immediately execu...

CVSS 7.4 | AI score 7.2 | EPSS 0.00341
Exploits 1 | References 3 | Affected Software 1
OSV
added 2018/02/01 12:0 a.m. | 0 views

UBUNTU-CVE-2018-6484

In ZZIPlib 0.13.67, there is a memory alignment error and bus error in the __zzip_fetch_disk_trailer function of zzip/zip.c. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted zip file...

CVSS 6.5 | AI score 6.5 | EPSS 0.00416
Exploits 1 | References 3
seebug.org
added 2018/01/29 12:0 a.m. | 13 views

chrome: Cross-origin object leak via fetch

VULNERABILITY DETAILS: The promise returned by fetch.call(crossOriginWindow) is created in the cross-origin context. Direct cross-origin scripting is not possible because cross-origin function constructors don't work anymore (issue 541703). But the attacker can e.g. call other functions of the...

AI score 6.7
Exploits 0
OSV
added 2018/01/23 12:0 a.m. | 1 view

UBUNTU-CVE-2018-5092

A use-after-free vulnerability can occur when the thread for a Web Worker is freed from memory prematurely instead of from memory in the main thread while cancelling fetch operations. This vulnerability affects Firefox 58...

CVSS 9.8 | AI score 7.3 | EPSS 0.01772
Exploits 0 | References 4
UbuntuCve
added 2018/01/23 12:0 a.m. | 18 views

CVE-2018-5092

A use-after-free vulnerability can occur when the thread for a Web Worker is freed from memory prematurely instead of from memory in the main thread while cancelling fetch operations. This vulnerability affects Firefox 58...

CVSS 9.8 | AI score 7.2 | EPSS 0.01772
Exploits 0 | References 3
RedHat Linux
added 2018/01/22 9:45 a.m. | 2 views

bind: Improper fetch cleanup sequencing in the resolver can cause named to crash

A use-after-free flaw leading to denial of service was found in the way BIND internally handled cleanup operations on upstream recursion fetch contexts. A remote attacker could potentially use this flaw to make named, acting as a DNSSEC validating resolver, exit unexpectedly with an assertion...

CVSS 7.5 | AI score 6.8 | EPSS 0.0799
Exploits 0 | References 5
RedHat Linux
added 2018/01/22 9:31 a.m. | 2 views

bind: Improper fetch cleanup sequencing in the resolver can cause named to crash

A use-after-free flaw leading to denial of service was found in the way BIND internally handled cleanup operations on upstream recursion fetch contexts. A remote attacker could potentially use this flaw to make named, acting as a DNSSEC validating resolver, exit unexpectedly with an assertion...

CVSS 7.5 | AI score 6.8 | EPSS 0.0799
Exploits 0 | References 5
OSV
added 2018/01/17 12:28 p.m. | 0 views

USN-3535-1 bind9 vulnerability

Jayachandran Palanisamy discovered that the Bind resolver incorrectly handled fetch cleanup sequencing. A remote attacker could possibly use this issue to cause Bind to crash, resulting in a denial of service...

CVSS 7.5 | AI score 5.8 | EPSS 0.0799
Exploits 0 | References 2
OSV
added 2018/01/16 12:0 a.m. | 1 view

UBUNTU-CVE-2017-3145

BIND was improperly sequencing cleanup operations on upstream recursion fetch contexts, leading in some cases to a use-after-free error that can trigger an assertion failure and crash in named. Affects BIND 9.0.0 to 9.8.x, 9.9.0 to 9.9.11, 9.10.0 to 9.10.6, 9.11.0 to 9.11.2, 9.9.3-S1 to 9.9.11-S1...

CVSS 7.5 | AI score 6.9 | EPSS 0.0799
Exploits 0 | References 5
seebug.org
added 2018/01/16 12:0 a.m. | 65 views

CODE EXECUTION (CVE-2018-5189) WALKTHROUGH ON JUNGO WINDRIVER 12.5.1

INTRODUCTION Windows kernel exploitation can be a daunting area to get into. There are tons of helpful tutorials out there and originally this post was going to add to that list. This is the story of how I found CVE-2018-5189 and a complete walkthrough of the exploit development cycle. The idea w...

AI score 8.5 | EPSS 0.00199
Exploits 3
UbuntuCve
added 2018/01/16 12:0 a.m. | 27 views

CVE-2017-3145

BIND was improperly sequencing cleanup operations on upstream recursion fetch contexts, leading in some cases to a use-after-free error that can trigger an assertion failure and crash in named. Affects BIND 9.0.0 to 9.8.x, 9.9.0 to 9.9.11, 9.10.0 to 9.10.6, 9.11.0 to 9.11.2, 9.9.3-S1 to 9.9.11-S1...

CVSS 7.5 | AI score 6.9 | EPSS 0.0799
Exploits 0 | References 4
Tenable Nessus
added 2018/01/15 12:0 a.m. | 26 views

Fedora 27 : curl (2017-b25c8a7087)

Fix buffer overflow while processing IMAP FETCH response (CVE-2017-1000257). Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without...

CVSS 9.1 | AI score 7.2 | EPSS 0.00863
Exploits 0 | References 2
OSV
added 2018/01/11 4:29 p.m. | 1 view

CVE-2018-5189

Race condition in Jungo Windriver 12.5.1 allows local users to cause a denial of service (buffer overflow) or gain system privileges by flipping pool buffer size, aka a "double fetch" vulnerability...

CVSS 7.8 | AI score 6 | EPSS 0.00199
Exploits 3 | References 2