442 matches found

OSV
added 2016/02/05 5:26 p.m. | 15 views

MGASA-2016-0048 Updated java-1.8.0-openjdk/copy-jdk-configs/lua-lunit/lua-posix packages fix security vulnerability

An out-of-bounds write flaw was found in the JPEG image format decoder in the AWT component in OpenJDK. A specially crafted JPEG image could cause a Java application to crash or, possibly, execute arbitrary code. An untrusted Java application or applet could use this flaw to bypass Java sandbox...

CVSS 10 | AI score 7.1 | EPSS 0.09896
Exploits 0 | References 4
OPENSUSE Linux
added 2016/01/28 1:11 a.m. | 42 views

Security update for Java7 (important)

Update OpenJDK to 7u95 / IcedTea 2.6.4 including the following fixes: Security fixes - S8059054, CVE-2016-0402: Better URL processing - S8130710, CVE-2016-0448: Better attributes processing - S8132210: Reinforce JMX collector internals - S8132988: Better printing dialogues - S8133962,...

CVSS 10 | AI score 6.4 | EPSS 0.09896
Exploits 0 | References 2
OSV
added 2016/01/27 4:34 p.m. | 9 views

SUSE-SU-2016:0265-1 Security update for java-1_7_0-openjdk

java-1_7_0-openjdk was updated to version 7u95 to fix 9 security issues. bsc962743 - CVE-2015-4871: Rebinding of the receiver of a DirectMethodHandle may allow a protected method to be accessed - CVE-2015-7575: Further reduce use of MD5 SLOTH bsc960996 - CVE-2015-8126: Vulnerability in the AWT...

CVSS 10 | AI score 6.6 | EPSS 0.09896
Exploits 0 | References 13
OSV
added 2016/01/27 10:55 a.m. | 8 views

SUSE-SU-2016:0256-1 Security update for java-1_8_0-openjdk

java-1_8_0-openjdk was updated to version 7u95 to fix several security issues. bsc962743 The following vulnerabilities were fixed: - CVE-2015-7575: Further reduce use of MD5 SLOTH bsc960996 - CVE-2015-8126: Vulnerability in the AWT component related to splashscreen displays - CVE-2015-8472:...

CVSS 10 | AI score 7 | EPSS 0.09896
Exploits 0 | References 11
exploitpack
added 2015/11/03 12:0 a.m. | 19 views

Samsung - libQjpeg Image Decoding Memory Corruption

Samsung - libQjpeg Image Decoding Memory Corruption Source: https://code.google.com/p/google-security-research/issues/detail?id=495 The attached JPEG file causes memory corruption in the DCMProvider service when the file is processed by the media scanner, leading to the following crash: quaramip.jpg...

AI score 0.3
Exploits 0
Exploit DB
added 2015/11/03 12:0 a.m. | 25 views

Samsung - libQjpeg Image Decoding Memory Corruption

Source: https://code.google.com/p/google-security-research/issues/detail?id=495 The attached JPEG file causes memory corruption in the DCMProvider service when the file is processed by the media scanner, leading to the following crash: quaramip.jpg: I/DEBUG 2962: pid: 19350, tid: 19468, name: HEAVY0...

AI score 7
Exploits 0
Tenable Nessus
added 2015/08/18 12:0 a.m. | 33 views

SUSE SLED12 / SLES12 Security Update : libqt5-qtbase (SUSE-SU-2015:1383-1)

This security update fixes the following issues: - Add libqt5-Fix-a-division-by-zero-processing-malformed-BMP.patch - QTBUG-44547, bsc921999 CVE-2015-0295 - Add libqt5-Fixes-crash-in-bmp-and-ico-image-decoding.patch - bsc927806 CVE-2015-1858, bsc927807 CVE-2015-1859 - Add...

CVSS 6.8 | AI score 6.8 | EPSS 0.06355
Exploits 0 | References 14
OSV
added 2015/05/29 5:35 p.m. | 5 views

SUSE-SU-2015:1383-1 Security update for libqt5-qtbase

This security update fixes the following issues: Add libqt5-Fix-a-division-by-zero-processing-malformed-BMP.patch - QTBUG-44547, bsc921999 CVE-2015-0295 Add libqt5-Fixes-crash-in-bmp-and-ico-image-decoding.patch - bsc927806 CVE-2015-1858, bsc927807 CVE-2015-1859 Add...

CVSS 6.8 | AI score 6.4 | EPSS 0.06355
Exploits 0 | References 10
NVD
added 2015/03/09 12:59 a.m. | 15 views

CVE-2015-1227

The DragImage::create function in platform/DragImage.cpp in Blink, as used in Google Chrome before 41.0.2272.76, does not initialize memory for image drawing, which allows remote attackers to have an unspecified impact by triggering a failed image decoding, as demonstrated by an image for which t...

CVSS 7.5 | AI score 6.2 | EPSS 0.01018
Exploits 0 | References 8
Cvelist
added 2015/03/09 12:0 a.m. | 21 views

CVE-2015-1227

The DragImage::create function in platform/DragImage.cpp in Blink, as used in Google Chrome before 41.0.2272.76, does not initialize memory for image drawing, which allows remote attackers to have an unspecified impact by triggering a failed image decoding, as demonstrated by an image for which t...

AI score 6.1 | EPSS 0.01018
Exploits 0 | References 8
Debian CVE
added 2015/03/09 12:0 a.m. | 26 views

CVE-2015-1227

Removed by vendor...

CVSS 7.5 | AI score 9.4 | EPSS 0.01018
Exploits 0
CVE
added 2015/03/09 12:0 a.m. | 69 views

CVE-2015-1220

The CVE-2015-1220 entry relates to Google Chrome/Blink. Concrete details from connected sources show a Use-after-Free in GIFImageReader::parseData within GIFImageReader.cpp (Blink) used by Chrome prior to 41.0.2272.76. The underlying issue is a use-after-free in the GIF decoder that can be trigge...

CVSS 6.8 | AI score 6.8 | EPSS 0.02419
Exploits 0 | References 7 | Affected Software 4
CVE
added 2015/03/09 12:0 a.m. | 80 views

CVE-2015-1227

The CVE-2015-1227 issue affects Google Chrome’s Blink rendering engine (DragImage::create in platform/DragImage.cpp). The root cause is uninitialized memory used for image drawing, as reported for Chrome versions prior to 41.0.2272.76. This memory initialization flaw could allow a remote attacker...

CVSS 7.5 | AI score 6 | EPSS 0.01018
Exploits 0 | References 8 | Affected Software 1
OSV
added 2015/03/08 12:0 a.m. | 0 views

UBUNTU-CVE-2015-1227

The DragImage::create function in platform/DragImage.cpp in Blink, as used in Google Chrome before 41.0.2272.76, does not initialize memory for image drawing, which allows remote attackers to have an unspecified impact by triggering a failed image decoding, as demonstrated by an image for which t...

CVSS 7.5 | AI score 7.3 | EPSS 0.01018
Exploits 0 | References 7
UbuntuCve
added 2015/03/08 12:0 a.m. | 29 views

CVE-2015-1227

The DragImage::create function in platform/DragImage.cpp in Blink, as used in Google Chrome before 41.0.2272.76, does not initialize memory for image drawing, which allows remote attackers to have an unspecified impact by triggering a failed image decoding, as demonstrated by an image for which t...

CVSS 7.5 | AI score 7.2 | EPSS 0.01018
Exploits 0 | References 6
RedHat Linux
added 2015/03/05 1:59 p.m. | 1 views

chromium-browser: Uninitialized value in blink

The DragImage::create function in platform/DragImage.cpp in Blink, as used in Google Chrome before 41.0.2272.76, does not initialize memory for image drawing, which allows remote attackers to have an unspecified impact by triggering a failed image decoding, as demonstrated by an image for which t...

CVSS 7.5 | AI score 7.4 | EPSS 0.01018
Exploits 0 | References 5
OSV
added 2015/02/07 12:0 a.m. | 0 views

UBUNTU-CVE-2014-9655

The (1) putcontig8bitYCbCr21tile function in tif_getimage.c or (2) NeXTDecode function in tif_next.c in LibTIFF allows remote attackers to cause a denial of service (uninitialized memory access) via a crafted TIFF image, as demonstrated by libtiff-cvs-1.tif and libtiff-cvs-2.tif...

CVSS 6.5 | AI score 7 | EPSS 0.01105
Exploits 0 | References 7
OSV
added 2015/01/27 8:4 p.m. | 1 views

UBUNTU-CVE-2015-1361

platform/image-decoders/ImageFrame.h in Blink, as used in Google Chrome before 40.0.2214.91, does not initialize a variable that is used in calls to the Skia SkBitmap::setAlphaType function, which might allow remote attackers to cause a denial of service or possibly have unspecified other impact...

CVSS 6.8 | AI score 7.4 | EPSS 0.0083
Exploits 0 | References 6
OpenVAS
added 2014/09/05 12:0 a.m. | 41 views

Mozilla Firefox ESR Multiple Vulnerabilities-02 (Sep 2014) - Mac OS X

Mozilla Firefox ESR is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:mozilla:firefoxesr";...

CVSS 10 | AI score 8.1 | EPSS 0.13912
Exploits 1 | References 9
OpenVAS
added 2014/09/05 12:0 a.m. | 58 views

Mozilla Thunderbird Multiple Vulnerabilities-02 (Sep 2014) - Mac OS X

Mozilla Thunderbird is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:mozilla:thunderbird";...

CVSS 10 | AI score 8.1 | EPSS 0.13912
Exploits 1 | References 9