281 matches found
Critical: Red Hat Security Advisory: dhcp security update
An update for dhcp is now available for Red Hat Enterprise Linux 6.5 Advanced Update Support. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for eac...
Debian DSA-4133-1 : isc-dhcp - security update
Several vulnerabilities have been discovered in the ISC DHCP client, relay and server. The Common Vulnerabilities and Exposures project identifies the following issues : - CVE-2017-3144 It was discovered that the DHCP server does not properly clean up closed OMAPI connections, which can lead to...
ActivePDF Toolkit < 8.1.0.19023 - Multiple Memory Corruptions
ActivePDF Toolkit 8.1.0 multiple RCE Introduction ============ The ActivePDF Toolkit is a Windows library which enhances business processes to stamp, stitch, merge, form-fill, add digital signatures, barcodes to PDF. Both .NET and native APIs are provided. Amongst many other operations, this...
Fedora 26 : flatpak (2018-b5ecac9405)
This is a security fix release that fixes a sandbox escape in the flatpak dbus proxy. This issue was found by Gabriel Campana of The Google Security Team. Major changes in 0.10.3 - Fix dbus proxy vulnerability in authentication phase - Make permission handling ignore unknown permissions for...
Debian DLA-1124-1 : dnsmasq security update
Felix Wilhelm, Fermin J. Serna, Gabriel Campana, Kevin Hamacher, Ron Bowes and Gynvael Coldwind of the Google Security Team discovered several vulnerabilities in dnsmasq, a small caching DNS proxy and DHCP/TFTP server, which may result in denial of service, information leak or the execution of...
RHEL 7 : dnsmasq (RHSA-2017:2836)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2017:2836 advisory. The dnsmasq packages contain Dnsmasq, a lightweight DNS Domain Name Server forwarder and DHCP Dynamic Host Configuration Protocol server...
RHEL 5 : dnsmasq (RHSA-2017:2840)
The remote Redhat Enterprise Linux 5 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2017:2840 advisory. The dnsmasq packages contain Dnsmasq, a lightweight DNS Domain Name Server forwarder and DHCP Dynamic Host Configuration Protocol server. Security...
RHEL 6 : dnsmasq (RHSA-2017:2838)
An update for dnsmasq is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from th...
[slackware-security] dnsmasq
New dnsmasq packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, 14.2, and -current to fix security issues. Here are the details from the Slackware 14.2 ChangeLog: patches/packages/dnsmasq-2.78-i586-1slack14.2.txz: Upgraded. This update fixes bugs and remotely exploitable security...
Critical: Red Hat Security Advisory: dnsmasq security update
An update for dnsmasq is now available for Red Hat Enterprise Linux 6.2 Advanced Update Support, Red Hat Enterprise Linux 6.4 Advanced Update Support, Red Hat Enterprise Linux 6.5 Advanced Update Support, Red Hat Enterprise Linux 6.5 Telco Extended Update Support, Red Hat Enterprise Linux 6.6...
Critical: Red Hat Security Advisory: dnsmasq security update
An update for dnsmasq is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from th...
Critical: Red Hat Security Advisory: dnsmasq security update
An update for dnsmasq is now available for Red Hat Enterprise Linux 7.2 Extended Update Support and Red Hat Enterprise Linux 7.3 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System CVSS base score,...
Critical: Red Hat Security Advisory: dnsmasq security update
An update for dnsmasq is now available for Red Hat Enterprise Linux 5 Extended Lifecycle Support. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...
Dnsmasq < 2.78 - Integer Underflow
''' Sources: https://raw.githubusercontent.com/google/security-research-pocs/master/vulnerabilities/dnsmasq/CVE-2017-14496.py https://security.googleblog.com/2017/10/behind-masq-yet-more-dns-and-dhcp.html dnsmasq is vulnerable only if one of the following option is specified: --add-mac,...
evince security update
CentOS Errata and Security Advisory CESA-2017:2388 An update for evince is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity...
Important: Red Hat Security Advisory: evince security update
An update for evince is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from th...
July 7, 2017 – Morning Cyber Coffee Headlines – “Spiderman” Edition
Good morning! Sit with Carbon Black this morning over a cup of coffee or tea and browse a few industry headlines to get the day started. We’ve got just enough information below to get you through that first cup…enjoy! July 7, 2017 - Headlines Carbon Black in the News: Residents of these states ar...
I got emails - G Suite Vulnerability
After recent finding about Uber and SendGrid bug, I decided to check other third party applications that were also used for similar cases. During the investigation, some third party applications were found to be vulnerable including G Suite. The initial research of this vulnerability started when...
Tests Crypto Libraries Against Known Attacks: Wycheproof
Rests Crypto Libraries Against Known Attacks Project Wycheproof tests crypto libraries against known attacks. It is developed and maintained by members of Google Security Team, but it is not an official Google product. In cryptography, subtle mistakes can have catastrophic consequences. Good...
Vulnerability in OpenSSL - Fix Use After Free for large message sizes
This issue only affects OpenSSL 1.1.0a, released on 22nd September 2016. The patch applied to address CVE-2016-6307 resulted in an issue where if a message larger than approx 16k is received then the underlying buffer to store the incoming message is reallocated and moved. Unfortunately a danglin...