MGASA-2015-0424 Updated openafs packages fix security vulnerabilities
Updated openafs packages fix security vulnerabilities: When constructing an Rx acknowledgment (ACK) packet, Andrew-derived Rx implementations do not initialize three octets of data that are padding in the C language structure and were inadvertently included in the wire protocol (CVE-2015-7762)...
OpenJDK: missing checks for proper initialization in ObjectStreamClass (Serialization, 8103671)
Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Serialization...
Linux kernel buffer overflow vulnerability (CNVD-2015-06888)
The Linux kernel is the kernel used by the operating system Linux, released by the Linux Foundation in the United States. A security vulnerability in the 'sctp_init' function in the net/sctp/protocol.c file in Linux kernel versions 4.2.2 and earlier stems from the presence of a failure to correctl...
OpenJDK: missing checks for proper initialization in ObjectStreamClass (Serialization, 8103671)
Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Serialization...
DEBIAN-CVE-2015-7799
The slhc_init function in drivers/net/slip/slhc.c in the Linux kernel through 4.2.3 does not ensure that certain slot numbers are valid, which allows local users to cause a denial of service (NULL pointer dereference and system crash) via a crafted PPPIOCSMAXCID ioctl call...
CVE-2015-5283
The sctp_init function in net/sctp/protocol.c in the Linux kernel before 4.2.3 has an incorrect sequence of protocol-initialization steps, which allows local users to cause a denial of service (panic or memory corruption) by creating SCTP sockets before all of the steps have finished...
DEBIAN-CVE-2015-5283
The sctp_init function in net/sctp/protocol.c in the Linux kernel before 4.2.3 has an incorrect sequence of protocol-initialization steps, which allows local users to cause a denial of service (panic or memory corruption) by creating SCTP sockets before all of the steps have finished...
UBUNTU-CVE-2015-5283
The sctp_init function in net/sctp/protocol.c in the Linux kernel before 4.2.3 has an incorrect sequence of protocol-initialization steps, which allows local users to cause a denial of service (panic or memory corruption) by creating SCTP sockets before all of the steps have finished...
SUSE: Security Advisory for Xen (SUSE-SU-2015:0927-1)
The remote host is missing an update for the...
Oracle: Security Advisory (ELSA-2009-1243)
The remote host is missing an update for the...
USN-2765-1 linux-lts-vivid vulnerability
Dmitry Vyukov discovered that the Linux kernel did not properly initialize IPC object state in certain situations. A local attacker could use this to escalate their privileges, expose confidential information, or cause a denial of service (system crash)...
USN-2761-1 linux vulnerability
Dmitry Vyukov discovered that the Linux kernel did not properly initialize IPC object state in certain situations. A local attacker could use this to escalate their privileges, expose confidential information, or cause a denial of service (system crash)...
PT-2015-6831 · Linux +5 · Linux Kernel +5
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 4.2.3. Description: The issue is related to an incorrect sequence of protocol-initialization steps in the sctp_init function, which can cause a denial of service, resulting in a panic or memory corruption. This c...
Debian DLA-322-1 : commons-httpclient security update
Trevin Beattie [1] discovered an issue where one could observe hanging threads in a multi-threaded Java application. After debugging the issue, it became evident that the hanging threads were caused by the SSL initialization code in commons-httpclient. This upload fixes this issue by respecting the...
[SECURITY] [DLA 322-1] commons-httpclient security update
Package: commons-httpclient; Version: 3.1-9+deb6u2; CVE ID: CVE-2015-5262. Trevin Beattie [1] discovered an issue where one could observe hanging threads in a multi-threaded Java application. After debugging the issue, it became evident that the hanging threads were caused by the SSL initialization...
DLA-322-1 commons-httpclient - security update
Bulletin has no description...
CVE-2015-5842
XNU in the kernel in Apple iOS before 9 does not properly initialize an unspecified data structure, which allows local users to obtain sensitive memory-layout information via unknown vectors...
Impero Education Pro is vulnerable
Impero Education Pro is an education management solution from Impero, Inc. that integrates classroom management, desktop management, and computer monitoring software into one package. Impero Education Pro versions prior to 5105 have a security vulnerability. Since the program uses hard-coded CBC...
BSOD with Error: "STOP 0x0000007E and CVhdMp.sys Error: BNIStack failed, network stack could not be initialized"
When attempting to boot vDisks from a target device, a BSOD occurs with the following message: "STOP 0x0000007E and CVhdMp.sys Error: BNIStack failed, network stack could not be initialized"...
Hardcoded credentials
Impero Education Pro before 5105 uses a hardcoded CBC key and initialization vector derived from a hash of the Imp3ro string, which makes it easier for remote attackers to obtain plaintext data by sniffing the network for ciphertext data...