SUSE SLES12 Security Update : Recommended update for git (SUSE-SU-2015:2325-1)

The git package was updated to fix the following security issue : - CVE-2015-7545: Fix remote code execution with recursive fetch of submodules bsc948969. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempt...

Ubuntu 15.10 : linux vulnerabilities (USN-2851-1)

Felix Wilhelm discovered a race condition in the Xen paravirtualized drivers which can cause double fetch vulnerabilities. An attacker in the paravirtualized guest could exploit this flaw to cause a denial of service crash the host or potentially execute arbitrary code on the host. CVE-2015-8550...

Ubuntu 14.04 LTS : Linux kernel (Vivid HWE) vulnerabilities (USN-2854-1)

The remote Ubuntu 14.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-2854-1 advisory. Felix Wilhelm discovered a race condition in the Xen paravirtualized drivers which can cause double fetch vulnerabilities. An attacker in the...

Ubuntu 14.04 LTS : Linux kernel vulnerabilities (USN-2848-1)

The remote Ubuntu 14.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-2848-1 advisory. Felix Wilhelm discovered a race condition in the Xen paravirtualized drivers which can cause double fetch vulnerabilities. An attacker in the...

USN-2850-1: Linux kernel vulnerabilities

Felix Wilhelm discovered a race condition in the Xen paravirtualized drivers which can cause double fetch vulnerabilities. An attacker in the paravirtualized guest could exploit this flaw to cause a denial of service crash the host or potentially execute arbitrary code on the host. CVE-2015-8550...

USN-2849-1 linux-lts-utopic vulnerabilities

Felix Wilhelm discovered a race condition in the Xen paravirtualized drivers which can cause double fetch vulnerabilities. An attacker in the paravirtualized guest could exploit this flaw to cause a denial of service crash the host or potentially execute arbitrary code on the host. CVE-2015-8550...

SUSE-SU-2015:2325-1 Recommended update for git

The git package was updated to fix the following security issue: - CVE-2015-7545: Fix remote code execution with recursive fetch of submodules bsc948969...

paravirtualized drivers incautious about shared memory contents

ISSUE DESCRIPTION The compiler can emit optimizations in the PV backend drivers which can lead to double fetch vulnerabilities. Specifically the shared memory between the frontend and backend can be fetched twice during which time the frontend can alter the contents possibly leading to arbitrary...

CVE-2015-8550

Xen, when used on a system providing PV backends, allows local guest OS administrators to cause a denial of service host OS crash or gain privileges by writing to memory shared between the frontend and backend, aka a double fetch vulnerability...

UBUNTU-CVE-2015-8550

Xen, when used on a system providing PV backends, allows local guest OS administrators to cause a denial of service host OS crash or gain privileges by writing to memory shared between the frontend and backend, aka a double fetch vulnerability...

Information disclosure

The importScripts function in the Web Workers API implementation in Mozilla Firefox before 43.0 allows remote attackers to bypass the Same Origin Policy by triggering use of the no-cors mode in the fetch API to attempt resource access that throws an exception, leading to information disclosure...

UBUNTU-CVE-2015-7215

The importScripts function in the Web Workers API implementation in Mozilla Firefox before 43.0 allows remote attackers to bypass the Same Origin Policy by triggering use of the no-cors mode in the fetch API to attempt resource access that throws an exception, leading to information disclosure...

CVE-2015-7215

The importScripts function in the Web Workers API implementation in Mozilla Firefox before 43.0 allows remote attackers to bypass the Same Origin Policy by triggering use of the no-cors mode in the fetch API to attempt resource access that throws an exception, leading to information disclosure...

SUSE-SU-2015:2184-1 Recommended update for git

The git package was updated to fix the following security issue: - Fix remote code execution with recursive fetch of submodules bsc948969...

SUSE SLES12 Security Update : git (SUSE-SU-2015:2025-1)

The git package was updated to fix the following security issue : - Fix remote code execution with recursive fetch of submodules bsc948969. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to...

openSUSE Security Update : git (openSUSE-2015-737)

Git was updated to fix one security issue. The following vulnerability was fixed : - boo948969: remote code execution with recursive fetch of submodules %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Securit...

USN-2770-1 oxide-qt vulnerabilities

It was discovered that ContainerNode::parserInsertBefore in Blink would incorrectly proceed with a DOM tree insertion in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to bypass same origin restrictions. CVE-2015-67...

FreeBSD : firefox -- Cross-origin restriction bypass using Fetch (79c68ef7-c8ae-4ade-91b4-4b8221b7c72a)

Firefox Developers report : Security researcher Abdulrahman Alqabandi reported that the fetch API did not correctly implement the Cross-Origin Resource Sharing CORS specification, allowing a malicious page to access private data from other origins. Mozilla developer Ben Kelly independently report...

Ubuntu 14.04 LTS : Firefox vulnerability (USN-2768-1)

The remote Ubuntu 14.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-2768-1 advisory. Abdulrahman Alqabandi and Ben Kelly discovered that the fetch API did not correctly implement the Cross Origin Resource Sharing CORS specification. If a user were...

CVE-2015-7184

The fetch API implementation in Mozilla Firefox before 41.0.2 does not restrict access to the HTTP response body in certain situations where user credentials are supplied but the CORS cross-origin request algorithm is improperly followed, which allows remote attackers to bypass the Same Origin...