Debian DLA-1175-1 : lynx-cur security update
It was discovered that there was a use-after-free vulnerability in the HTML parser of lynx-cur, a terminal-based web browser. This could have led to memory/information disclosure. For Debian 7 'Wheezy', this issue has been fixed in lynx-cur version 2.8.8dev.12-2+deb7u2. We recommend that you...
[SECURITY] [DLA 1175-1] lynx-cur security update
Package : lynx-cur Version : 2.8.8dev.12-2+deb7u2 CVE ID : CVE-2017-1000211 It was discovered that there was a use-after-free vulnerability in the HTML parser of lynx-cur, a terminal-based web browser. This could have led to memory/information disclosure. For Debian 7 "Wheezy", this issue has bee...
CVE-2017-1000211
Lynx before 2.8.9dev.16 is vulnerable to a use after free in the HTML parser resulting in memory disclosure, because HTML_put_string can append a chunk onto itself...
DEBIAN-CVE-2017-1000211
Lynx before 2.8.9dev.16 is vulnerable to a use after free in the HTML parser resulting in memory disclosure, because HTML_put_string can append a chunk onto itself...
Design/Logic Flaw
Lynx before 2.8.9dev.16 is vulnerable to a use after free in the HTML parser resulting in memory disclosure, because HTML_put_string can append a chunk onto itself...
UBUNTU-CVE-2017-1000211
Lynx before 2.8.9dev.16 is vulnerable to a use after free in the HTML parser resulting in memory disclosure, because HTML_put_string can append a chunk onto itself...
CVE-2017-1000211
CVE-2017-1000211 affects Lynx up to 2.8.9dev.16, where a use-after-free in the HTML parser (HTML_put_string) can lead to memory disclosure. The issue is triggered by the parser potentially appending a chunk to itself, enabling memory disclosure on affected builds. Reported in multiple advisories ...
Cloudflare CTO Goes Inside the Cloudbleed Bug
MADRID—John Graham-Cumming presided over a confessional Wednesday at Virus Bulletin 2017. Cloudflare’s chief technology officer was frank and apologetic about February’s Cloudbleed bug, which leaked memory from the content delivery network that included internal private keys and authentication...
libxml2 Denial of Service Vulnerability (CNVD-2017-07341)
Libxml2 is an XML C parser and toolkit developed for the Gnome project but available outside of the Gnome platform, and it is free software under the MIT license. A denial of service vulnerability exists in the htmlParseTryOrFinish function in HTMLparser.c in libxml2. A remote attacker could...
UBUNTU-CVE-2017-8872
The htmlParseTryOrFinish function in HTMLparser.c in libxml2 2.9.4 allows attackers to cause a denial of service (buffer over-read) or information disclosure...
DEBIAN-CVE-2017-8872
The htmlParseTryOrFinish function in HTMLparser.c in libxml2 2.9.4 allows attackers to cause a denial of service (buffer over-read) or information disclosure...
CVE-2017-8872
The htmlParseTryOrFinish function in HTMLparser.c in libxml2 2.9.4 allows attackers to cause a denial of service (buffer over-read) or information disclosure...
openSUSE Security Update : Mozilla Thunderbird (openSUSE-2016-848)
This update contains Mozilla Thunderbird 45.2. boo983549 It fixes security issues mostly affecting the e-mail program when used in a browser context, such as viewing a web page or HTML formatted e-mail. The following vulnerabilities were fixed : - CVE-2016-2818, CVE-2016-2815: Memory safety bugs...
libxml2: Buffer overread with HTML parser in push mode in xmlSAX2TextNode
A denial of service flaw was found in libxml2. A remote attacker could provide a specially crafted XML or HTML file that, when processed by an application using libxml2, would cause that application to leak potentially sensitive information...
Ubuntu 14.04 LTS / 16.04 LTS : Thunderbird vulnerabilities (USN-2934-1)
The remote Ubuntu 14.04 LTS / 16.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-2934-1 advisory. Bob Clary, Christoph Diehl, Christian Holler, Andrew McCreight, Daniel Holbert, Jesse Ruderman, and Randell Jesup discovered multiple memory...