Debian Security Advisory DSA 3313-1 (linux - security update)

Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation or denial of service. CVE-2015-3290 Andy Lutomirski discovered that the Linux kernel does not properly handle nested NMIs. A local, unprivileged user could use this flaw for privilege...

Critical: Red Hat Security Advisory: java-1.7.1-ibm security update

Updated java-1.7.1-ibm packages that fix several security issues are now available for Red Hat Enterprise Linux 6 and 7 Supplementary. Red Hat Product Security has rated this update as having Critical security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed...

CVE-2015-1277

Use-after-free vulnerability in the accessibility implementation in Google Chrome before 44.0.2403.89 allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging lack of certain validity checks for accessibility-tree data structures...

Apache Groovy Deserialization of Untrusted Data Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apache Groovy. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Closure implementation which accepts and deserializes a Java serialized binary strea...

lib32-flashplugin: arbitrary code execution

CVE-2015-5122 arbitrary code execution Use-after-free vulnerability in the DisplayObject class in the ActionScript 3 AS3 implementation allows remote attackers to execute arbitrary code or cause a denial of service memory corruption via crafted Flash content that leverages improper handling of...

OpenJDK: incorrect code permission checks in RMIConnectionImpl (JMX, 8075853)

An information leak flaw was found in the JMX component in OpenJDK. An untrusted Java application or applet could use this flaw to bypass certain Java sandbox restrictions...

CVE-2015-2370

The authentication implementation in the RPC subsystem in Microsoft Windows Server 2003 SP2 and R2 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 does not prevent DCE/RPC connection...

[SECURITY] Fedora 22 Update: libssh-0.7.1-1.fc22

The ssh library was designed to be used by programmers needing a working SSH implementation by the mean of a library. The complete control of the client is made by the programmer. With libssh, you can remotely execute programs, tra nsfer files, use a secure and transparent tunnel for your remote...

CVE-2015-4244

The boot implementation on Cisco ASR 5000 and 5500 devices with software 14.0 allows local users to execute arbitrary Linux commands by leveraging administrative privileges for storage of these commands in a Compact Flash CF file, aka Bug ID CSCuu75278...

Updated openssl package fixes security vulnerability

During certificate verification, OpenSSL starting from version 1.0.1n and 1.0.2b will attempt to find an alternative certificate chain if the first attempt to build such a chain fails. An error in the implementation of this logic can mean that an attacker could cause certain checks on untrusted...

openssl: man-in-the-middle

During certificate verification, OpenSSL will attempt to find an alternative certificate chain if the first attempt to build such a chain fails. An error in the implementation of this logic can mean that an attacker could cause certain checks on untrusted certificates to be bypassed, such as the ...

Vulnerability in OpenSSL - Alternative chains certificate forgery

An error in the implementation of the alternative certificate chain logic could allow an attacker to cause certain checks on untrusted certificates to be bypassed, such as the CA flag, enabling them to use a valid leaf certificate to act as a CA and “issue” an invalid certificate. Found by Adam...

CVE-2015-3931 Microsec e-Szigno, CVE-2015-3932 Netlock Mokka XSW vulnerability

In November 2014, SEARCH-LAB Ltd. discovered a security vulnerability in Microsec e-Szigno, and Netlock Mokka computer applications that are used to generate and validate digital signatures, which are applied within the official Hungarian government processes. The vulnerability affected the...

CVE-2015-4238

Cisco ASA SNMP DoS (CVE-2015-4238) affects ASA Software 8.4(7) and 8.6(1.2). An authenticated remote attacker can cause a device reload by sending a high rate of SNMP requests during heavy network traffic due to SNMP handling/resource management issues (Bug CSCul02601). Impact is denial of servic...

SOL16879 - Apache Portable Runtime vulnerability CVE-2011-1928

The fnmatch implementation in aprfnmatch.c in the Apache Portable Runtime APR library 1.4.3 and 1.4.4, and the Apache HTTP Server 2.2.18, allows remote attackers to cause a denial of service infinite loop via a URI that does not match unspecified types of wildcard patterns, as demonstrated by...

[SECURITY] [DLA 262-1] libcrypto++ security update

Package : libcrypto++ Version : 5.6.0-6+deb6u1 CVE ID : CVE-2015-2141 Evgeny Sidorov discovered that libcrypto++, a general purpose C++ cryptographic library, did not properly implement blinding to mask private key operations for the Rabin-Williams digital signature algorithm. This could allow...

Amazon Releases S2N TLS Crypto Implementation to Open Source

Amazon today released to open source its own TLS implementation called s2n, which stands for signal to noise. While admittedly not meant to be a replacement for OpenSSL, for example, s2n is a slimmed-down crypto implementation analogous to libssl, the OpenSSL library that supports TLS. Amazon chi...

[SECURITY] [DSA 3296-1] libcrypto++ security update

------------------------------------------------------------------------- Debian Security Advisory DSA-3296-1 [email protected] https://www.debian.org/security/ Alessandro Ghedini June 29, 2015 https://www.debian.org/security/faq -...

Android Debugger vulnerability exists, you can get the device memory data-vulnerability warning-the black bar safety net

A structure of delicate ELFExecutable and Linkable Formatfile can cause the debugger to crash, and then through the tombstone file and the corresponding logd log files exposure of memory contents. This can be used for denial of service attacks, can help bypass ASLR to execute malicious code. Only...

USN-2654-1: Tomcat vulnerabilities

It was discovered that the Tomcat XML parser incorrectly handled XML External Entities XXE. A remote attacker could possibly use this issue to read arbitrary files. This issue only affected Ubuntu 14.04 LTS. CVE-2014-0119 It was discovered that Tomcat incorrectly handled data with malformed chunk...