tcpdump: multiple overflow issues in protocol decoding

Multiple out of bounds read and integer overflow vulnerabilities were found in tcpdump affecting the decoding of various protocols. An attacker could create a crafted pcap file or send specially crafted packets to the network segment where tcpdump is running in live capture mode without -w which...

Ubuntu: Security Advisory (USN-3366-2)

The remote host is missing an update for the SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Ubuntu 16.04 LTS : OpenJDK 8 regression (USN-3366-2)

The remote Ubuntu 16.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-3366-2 advisory. USN-3366-1 fixed vulnerabilities in OpenJDK 8. Unfortunately, that update introduced a regression that caused some valid JAR files to fail validation. This update...

USN-3366-2: OpenJDK 8 regression

USN-3366-1 fixed vulnerabilities in OpenJDK 8. Unfortunately, that update introduced a regression that caused some valid JAR files to fail validation. This update fixes the problem. We apologize for the inconvenience. Original advisory details: It was discovered that the JPEGImageReader class in...

Updated gdk-pixbuf2.0 packages fix security vulnerability

The gdk-pixbuf2.0 package has been updated to version 2.36.7, which fixes integer overflows in the ico, bmp, and tiff decoder, as well as fixing other bugs...

Amazon Linux AMI : java-1.8.0-openjdk (ALAS-2017-860)

Incorrect enforcement of certificate path restrictions : It was discovered that the Security component of OpenJDK could fail to properly enforce restrictions defined for processing of X.509 certificate chains. A remote attacker could possibly use this flaw to make Java accept certificate using on...

SUSE-SU-2017:1916-1 Security update for jasper

This update for jasper fixes the following issues: Security issues fixed: - CVE-2016-9262: Multiple integer overflows in the jasrealloc function in base/jasmalloc.c and memresize function in base/jasstream.c allow remote attackers to cause a denial of service via a crafted image, which triggers u...

SUSE-SU-2017:1901-1 Security update for jasper

This update for jasper fixes the following issues: Security issues fixed: - CVE-2016-9262: Multiple integer overflows in the jasrealloc function in base/jasmalloc.c and memresize function in base/jasstream.c allow remote attackers to cause a denial of service via a crafted image, which triggers u...

USN-3276-2: shadow regression | Cloud Foundry

Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 14.04 Description USN-3276-1 intended to fix a vulnerability in su. The solution introduced a regression in su signal handling. This update modifies the security fix. We apologize for the inconvenience. Original advisory...

Ubuntu 14.04 LTS / 16.04 LTS : shadow regression (USN-3276-2)

The remote Ubuntu 14.04 LTS / 16.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-3276-2 advisory. USN-3276-1 intended to fix a vulnerability in su. The solution introduced a regression in su signal handling. This update modifies the security fix. W...

Ubuntu: Security Advisory (USN-3276-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

USN-3276-1: shadow vulnerabilities

Sebastian Krahmer discovered integer overflows in shadow utilities. A local attacker could possibly cause them to crash or potentially gain privileges via crafted input. CVE-2016-6252 Tobias Stöckmann discovered a race condition in su. A local attacker could cause su to send SIGKILL to other...

Ubuntu 14.04 LTS / 16.04 LTS : shadow vulnerabilities (USN-3276-1)

The remote Ubuntu 14.04 LTS / 16.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-3276-1 advisory. Sebastian Krahmer discovered integer overflows in shadow utilities. A local attacker could possibly cause them to crash or potentially gain...

Updated openjpeg packages fix security vulnerability

Multiple integer overflows in the opjtcdinittile function in tcd.c in OpenJPEG, as used in PDFium in Google Chrome before 52.0.2743.116, allow remote attackers to cause a denial of service heap-based buffer overflow or possibly have unspecified other impact via crafted JPEG 2000 data. CVE-2016-51...

EulerOS 2.0 SP1 : curl (EulerOS-SA-2017-1036)

According to the versions of the curl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Multiple integer overflows in the 1 curlescape, 2 curleasyescape, 3 curlunescape, and 4 curleasyunescape functions in libcurl before 7.50.3 allow...

[SECURITY] [DLA 929-1] libpodofo security update

Package : libpodofo Version : 0.9.0-1.1+deb7u1 CVE ID : CVE-2015-8981 CVE-2017-5852 CVE-2017-5853 CVE-2017-5854 CVE-2017-5886 CVE-2017-6844 CVE-2017-7379 Debian Bug : 854599 854600 854601 854602 854604 859331 Several heap-based buffer overflows, integer overflows and NULL pointer dereferences hav...

FreeBSD : NVIDIA UNIX driver -- multiple vulnerabilities in the kernel mode layer handler (057e6616-1885-11e7-bb4d-a0d3c19bfa21)

NVIDIA Unix security team reports : NVIDIA GPU Display Driver contains vulnerabilities in the kernel mode layer handler where multiple integer overflows, improper access control, and improper validation of a user input may cause a denial of service or potential escalation of privileges...

Debian DLA-877-1 : tiff security update

libtiff is vulnerable to multiple buffer overflows and integer overflows that can lead to application crashes denial of service or worse. CVE-2016-10266 Integer overflow that can lead to divide-by-zero in TIFFReadEncodedStrip tifread.c. CVE-2016-10267 Divide-by-zero error in OJPEGDecodeRaw...

Denial Of Service (DoS)

expat is vulnerable to denial of service DoS attacks, with the possibility of other attacks. The vulnerability exists because there are multiple integer overflows in the XMLGetBuffer function that leads to a heap-based buffer overflow which may lead to further unspecified impact. CVE-2016-4472 is...

Updated tnef packages fix security vulnerability

An issue was discovered in tnef before 1.4.13. Two OOB Writes have been identified in src/mapiattr.c:mapiattrread. These might lead to invalid read and write operations, controlled by an attacker. CVE-2017-6307 An issue was discovered in tnef before 1.4.13. Several Integer Overflows, which can le...