3104 matches found
Fedora 29 : curl (2019-697de0501f)
fix TFTP receive buffer overflow (CVE-2019-5436) - fix integer overflows in curl_url_set (CVE-2019-5435). Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as...
[ASA-201905-15] lib32-curl: arbitrary code execution
Arch Linux Security Advisory ASA-201905-15. Severity: High; Date: 2019-05-31; CVE-ID: CVE-2019-5435 CVE-2019-5436; Package: lib32-curl; Type: arbitrary code execution; Remote: Yes; Link: https://security.archlinux.org/AVG-963. Summary: The package...
FreeBSD : curl -- multiple vulnerabilities (dd343a2b-7ee7-11e9-a290-8ddc52868fa9)
curl security problems: CVE-2019-5435: Integer overflows in curl_url_set. libcurl contains two integer overflows in the curl_url_set function that, if triggered, can lead to a too small buffer allocation and a subsequent heap buffer overflow. The flaws only exist on 32 bit architectures and require...
Fedora 30 : curl (2019-3f5b6f0f97)
fix TFTP receive buffer overflow (CVE-2019-5436) - fix integer overflows in curl_url_set (CVE-2019-5435). Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as...
Security fix for the ALT Linux 8 package curl version 7.65.0-alt1
7.65.0-alt1 built May 24, 2019 Anton Farygin in task 229802 May 22, 2019 Anton Farygin - 7.65.0 - fixes: CVE-2019-5435: Integer overflows in curl_url_set; CVE-2019-5436: tftp: use the current blksize for recvfrom...
[slackware-security] curl
New curl packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix security issues. Here are the details from the Slackware 14.2 ChangeLog: patches/packages/curl-7.65.0-i586-1_slack14.2.txz: Upgraded. This release fixes the following security issues: Integer overflows in curl_url_se...
Denial Of Service (DoS)
Linux kernel is vulnerable to denial of service (DoS) attacks. The vulnerability exists in the ip6_find_1stfragopt function in net/ipv6/output_core.c. A remote attacker could cause integer overflows by leveraging the ability to open a raw socket which results in application crash...
EulerOS Virtualization 3.0.1.0 : libxml2 (EulerOS-SA-2019-1559)
According to the versions of the libxml2 packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - This library allows to manipulate XML files. It includes support to read, modify and write XML and HTML files. There is DTDs...
EulerOS Virtualization 3.0.1.0 : libevent (EulerOS-SA-2019-1439)
According to the versions of the libevent package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - Multiple integer overflows in the evbuffer API in Libevent 1.4.x before 1.4.15, 2.0.x before 2.0.22, and 2.1.x before 2.1.5-beta...
EulerOS Virtualization 3.0.1.0 : kernel (EulerOS-SA-2019-1475)
According to the versions of the kernel packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - The skb_flow_dissect function in net/core/flow_dissector.c in the Linux kernel through 3.12 allows remote attackers to cause a denia...
Denial Of Service (DoS)
libtiff is vulnerable to multiple integer overflows. An attacker can control the write address and/or value to result in denial-of-service or command execution via a crafted TIFF image which triggers an out-of-bounds write...
Integer Overflows
The X11 Xorg libraries provide library routines that are used within all X Window applications. Multiple integer overflow flaws, leading to heap-based buffer overflows, were found in the way various X11 client libraries handled certain protocol data. An attacker able to submit invalid protocol da...
[SECURITY] [DLA 1731-2] linux regression update
Package : linux Version : 3.16.64-2 CVE ID : CVE-2016-10741 CVE-2017-5753 CVE-2017-13305 CVE-2018-3639 CVE-2018-5848 CVE-2018-5953 CVE-2018-12896 CVE-2018-13053 CVE-2018-16862 CVE-2018-16884 CVE-2018-17972 CVE-2018-18281 CVE-2018-18690 CVE-2018-18710 CVE-2018-19824 CVE-2018-19985 CVE-2018-20169...
[SECURITY] [DLA 1731-1] linux security update
Package : linux Version : 3.16.64-1 CVE ID : CVE-2016-10741 CVE-2017-5753 CVE-2017-13305 CVE-2018-3639 CVE-2018-5848 CVE-2018-5953 CVE-2018-12896 CVE-2018-13053 CVE-2018-16862 CVE-2018-16884 CVE-2018-17972 CVE-2018-18281 CVE-2018-18690 CVE-2018-18710 CVE-2018-19824 CVE-2018-19985 CVE-2018-20169...
Ubuntu 16.04 LTS : Linux kernel vulnerabilities (USN-3910-1)
The remote Ubuntu 16.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-3910-1 advisory. It was discovered that the f2fs filesystem implementation in the Linux kernel did not handle the noflush_merge mount option correctly. An attacker could u...
Ubuntu: Security Advisory (USN-3910-1)
The remote host is missing an update for the...
[SECURITY] [DLA 1715-1] linux-4.9 security update
Package : linux-4.9 Version : 4.9.144-3.1deb8u1 CVE ID : CVE-2017-18249 CVE-2018-1128 CVE-2018-1129 CVE-2018-3639 CVE-2018-5391 CVE-2018-5848 CVE-2018-6554 CVE-2018-12896 CVE-2018-13053 CVE-2018-13096 CVE-2018-13097 CVE-2018-13100 CVE-2018-13406 CVE-2018-14610 CVE-2018-14611 CVE-2018-14612...
libssh2 -- multiple issues
libssh2 developers report: Defend against possible integer overflows in comp_method_zlib_decomp. Defend against writing beyond the end of the payload in _libssh2_transport_read. Sanitize padding_length - _libssh2_transport_read. This prevents an underflow resulting in a potential out-of-bounds read if a...
CVE-2018-20788
drivers/leds/leds-aw2023.c in the led driver for custom Linux kernels on the Xiaomi Redmi 6pro daisy-o-oss phone has several integer overflows because of a left-shifting operation when the right-hand operand can be equal to or greater than the integer length. This can be exploited by a crafted...
SUSE SLED12 / SLES12 Security Update : procps (SUSE-SU-2019:0450-1)
This update for procps fixes the following security issues : CVE-2018-1122: Prevent local privilege escalation in top. If a user ran top with HOME unset in an attacker-controlled directory, the attacker could have achieved privilege escalation by exploiting one of several vulnerabilities in the...