[SECURITY] [DSA 3421-1] grub2 security update

------------------------------------------------------------------------- Debian Security Advisory DSA-3421-1 [email protected] https://www.debian.org/security/ Luciano Bello December 16, 2015 https://www.debian.org/security/faq -...

Mozilla: Underflow through code inspection (MFSA 2015-145)

Integer underflow in the RTPReceiverVideo::ParseRtpPacket function in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.5 might allow remote attackers to obtain sensitive information, cause a denial of service, or possibly have unspecified other impact by triggering a crafted WebRTC RTP...

CVE-2015-7222

Integer underflow in the Metadata::setData function in MetaData.cpp in libstagefright in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.5 allows remote attackers to execute arbitrary code or cause a denial of service incorrect memory allocation and application crash via an MP4 video...

CVE-2015-7218

The HTTP/2 implementation in Mozilla Firefox before 43.0 allows remote attackers to cause a denial of service integer underflow, assertion failure, and application exit via a single-byte header frame that triggers incorrect memory allocation...

CVE-2015-7205

Integer underflow in the RTPReceiverVideo::ParseRtpPacket function in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.5 might allow remote attackers to obtain sensitive information, cause a denial of service, or possibly have unspecified other impact by triggering a crafted WebRTC RTP...

Integer overflow

The HTTP/2 implementation in Mozilla Firefox before 43.0 allows remote attackers to cause a denial of service integer underflow, assertion failure, and application exit via a single-byte header frame that triggers incorrect memory allocation...

Integer overflow

The HTTP/2 implementation in Mozilla Firefox before 43.0 allows remote attackers to cause a denial of service integer underflow, assertion failure, and application exit via a malformed PushPromise frame that triggers decompressed-buffer length miscalculation and incorrect memory allocation...

CVE-2015-7218

The HTTP/2 implementation in Mozilla Firefox before 43.0 allows remote attackers to cause a denial of service integer underflow, assertion failure, and application exit via a single-byte header frame that triggers incorrect memory allocation...

CVE-2015-7219

The HTTP/2 implementation in Mozilla Firefox before 43.0 allows remote attackers to cause a denial of service integer underflow, assertion failure, and application exit via a malformed PushPromise frame that triggers decompressed-buffer length miscalculation and incorrect memory allocation...

CVE-2015-7219

CVE-2015-7219 affects Mozilla Firefox before 43.0 via the HTTP/2 implementation. A malformed PushPromise frame can trigger decompressed-buffer length miscalculation and incorrect memory allocation, leading to a denial of service (integer underflow, assertion failure, and application exit). The is...

CVE-2015-7218

CVE-2015-7218 affects Mozilla Firefox before 43.0. The HTTP/2 implementation allows remote DoS via a single-byte header frame that triggers integer underflow and incorrect memory allocation, leading to an assertion and application exit. Public advisories (e.g., Mageia/OpenSUSE/Fedora/Nessus-docum...

CVE-2015-7205

Integer underflow in the RTPReceiverVideo::ParseRtpPacket function in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.5 might allow remote attackers to obtain sensitive information, cause a denial of service, or possibly have unspecified other impact by triggering a crafted WebRTC RTP...

CVE-2015-7222

Summary: CVE-2015-7222 affects Mozilla Firefox and Firefox ESR. The vulnerability is an integer underflow in Metadata::setData (MetaData.cpp) within libstagefright that can trigger a buffer overflow when parsing MP4 covr metadata, possibly enabling remote code execution or causing a denial of ser...

Debian Security Advisory DSA 3421-1 (grub2 - security update)

Hector Marco and Ismael Ripoll, from Cybersecurity UPV Research Group, found an integer underflow vulnerability in Grub2, a popular bootloader. A local attacker can bypass the Grub2 authentication by inserting a crafted input as username or password. More information:...

Scientific Linux Security Update : libreoffice on SL6.x i386/x86_64 (20151214)

It was discovered that LibreOffice did not properly restrict automatic link updates. By tricking a victim into opening specially crafted documents, an attacker could possibly use this flaw to disclose contents of files accessible by the victim. CVE-2015-4551 An integer underflow flaw leading to a...

CVE-2015-8370

GRUB2 vulnerability CVE-2015-8370 affects Grub2 1.98–2.02 and allows a local, physically proximate attacker to bypass authentication and potentially access sensitive data or cause denial of service via crafted backspace input in grub_username_get (grub-core/normal/auth.c) and grub_password_get (l...

DSA-3421-1 grub2 - security update

Bulletin has no description...

Debian: Security Advisory (DSA-3421-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

RedHat Update for libreoffice RHSA-2015:2619-01

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2015-7219

The HTTP/2 implementation in Mozilla Firefox before 43.0 allows remote attackers to cause a denial of service integer underflow, assertion failure, and application exit via a malformed PushPromise frame that triggers decompressed-buffer length miscalculation and incorrect memory allocation...