EUVD-2017-1583

Malware in sbrugna...

Microsoft finds new elevation of privilege Linux vulnerability, Nimbuspwn

Microsoft has discovered several vulnerabilities, collectively referred to as Nimbuspwn, that could allow an attacker to elevate privileges to root on many Linux desktop endpoints. The vulnerabilities can be chained together to gain root privileges on Linux systems, allowing attackers to deploy...

Microsoft finds new elevation of privilege Linux vulnerability, Nimbuspwn

Microsoft has discovered several vulnerabilities, collectively referred to as Nimbuspwn, that could allow an attacker to elevate privileges to root on many Linux desktop endpoints. The vulnerabilities can be chained together to gain root privileges on Linux systems, allowing attackers to deploy...

Mageia: Security Advisory (MGASA-2018-0068)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

EulerOS 2.0 SP2 : poppler (EulerOS-SA-2020-2386)

According to the versions of the poppler packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - freedesktop.org libpoppler 0.60.1 fails to validate boundaries in TextPool::addWord, leading to overflow in subsequent...

EulerOS 2.0 SP3 : poppler (EulerOS-SA-2020-2106)

According to the versions of the poppler packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - freedesktop.org libpoppler 0.60.1 fails to validate boundaries in TextPool::addWord, leading to overflow in subsequent...

Debian DLA-1819-1 : pyxdg security update

It was discovered that there was a code injection issue in PyXDG, a library used to locate 'FreeDesktop.org' configuration/cache/etc. directories. A lack of sanitisation allowed arbitrary Python code embedded in the Category element of a Menu XML document in a .menu file to be executed. For Debia...

[SECURITY] [DLA 1819-1] pyxdg security update

Package : pyxdg Version : 0.25-4+deb8u1 CVE ID : CVE-2019-12761 Debian Bug : 930099 It was discovered that there was a code injection issue in PyXDG, a library used to locate "FreeDesktop.org" configuration/cache/etc. directories. A lack of sanitisation allowed arbitrary Python code embedded in t...

Important: Red Hat Security Advisory: polkit security update

An update for polkit is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from th...

CVE-2017-1000456

CVE-2017-1000456 affects freedesktop.org libpoppler 0.60.1 . The issue is a lack of proper boundary validation in TextPool::addWord, causing an overflow in subsequent calculations. This is the concrete vulnerability described in the initial record, and is echoed by multiple Nessus/OSINT entries r...

CVE-2017-1000456

freedesktop.org libpoppler 0.60.1 fails to validate boundaries in TextPool::addWord, leading to overflow in subsequent calculations...

FreeBSD : libXcursor -- integer overflow that can lead to heap buffer overflow (ddecde18-e33b-11e7-a293-54e1ad3d6335)

The freedesktop.org project reports : It is possible to trigger heap overflows due to an integer overflow while parsing images and a signedness issue while parsing comments. The integer overflow occurs because the chosen limit 0x10000 for dimensions is too large for 32 bit systems, because each...

libXfont -- permission bypass when opening files through symlinks

the freedesktop.org project reports: A non-privileged X client can instruct X server running under root to open any file by creating own directory with "fonts.dir", "fonts.alias" or any font file being a symbolic link to any other file in the system. X server will then open it. This can be issue...

Updated x11-server packages fix security vulnerabilities & bugs

The upstream 1.19.4 update we pushed as: http://advisories.mageia.org/MGASA-2017-0366.html introduced a regression in PRIME syncronization. Upstream released a 1.19.5 that fixes that and a lot of security fixes: CVE-2017-12176 to CVE-2017-12187 Also added a fix for "XShmGetImage: fix censoring"...

Debian DSA-3994-1 : nautilus - security update

Christian Boxdorfer discovered a vulnerability in the handling of FreeDesktop.org .desktop files in Nautilus, a file manager for the GNOME desktop environment. An attacker can craft a .desktop file intended to run malicious commands but displayed as a innocuous document file in Nautilus. An user...

libXfont -- multiple memory leaks

The freedesktop.org project reports: If a pattern contains '?' character, any character in the string is skipped, even if it is '\0'. The rest of the matching then reads invalid memory. Without the checks a malformed PCF file can cause the library to make atom from random heap memory that was...

[SECURITY] Fedora 26 Update: pkgconf-1.3.9-1.fc26

pkgconf is a program which helps to configure compiler and linker flags for development frameworks. It is similar to pkg-config from freedesktop.org and handles .pc files in a similar manner as pkg-config...

Integer overflow

An exploitable integer overflow vulnerability exists in the JPEG 2000 image parsing functionality of freedesktop.org Poppler 0.53.0. A specially crafted PDF file can lead to an integer overflow causing out of bounds memory overwrite on the heap resulting in potential arbitrary code execution. To...

CVE-2017-2820

CVE-2017-2820 affects freedesktop.org Poppler 0.53.0, where the JPEG 2000 image parsing code is vulnerable to an exploitable integer overflow. A crafted PDF can trigger an out-of-bounds heap memory overwrite, potentially leading to arbitrary code execution when opened in an application using Popp...

CVE-2017-2820

An exploitable integer overflow vulnerability exists in the JPEG 2000 image parsing functionality of freedesktop.org Poppler 0.53.0. A specially crafted PDF file can lead to an integer overflow causing out of bounds memory overwrite on the heap resulting in potential arbitrary code execution. To...