3104 matches found

RedHat Linux
added 2018/07/26 12:08 p.m. | 47 views

Important: Red Hat Security Advisory: procps security update

An update for procps is now available for Red Hat Enterprise Linux 6.7 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for...

9.8 CVSS | 6.8 AI score | 0.0049 EPSS
Exploits 6 | References 3

RedHat Linux
added 2018/07/26 12:08 p.m. | 0 views

procps: Integer overflows leading to heap overflow in file2strvec

Multiple integer overflows leading to heap corruption flaws were discovered in file2strvec. These vulnerabilities can lead to privilege escalation for a local attacker who can create entries in procfs by starting processes, which will lead to crashes or arbitrary code execution in proc utilities...

7.8 CVSS | 7.8 AI score | 0.00462 EPSS
Exploits 5 | References 5

GoogleProjectZero
added 2018/07/26 12:00 a.m. | 11 views

Drawing Outside the Box: Precision Issues in Graphic Libraries

By Mark Brand and Ivan Fratric, Google Project Zero In this blog post, we are going to write about a seldom seen vulnerability class that typically affects graphic libraries though it can also occur in other types of software. The root cause of such issues is using limited precision arithmetic in...

7.6 AI score
Exploits 0

RedhatCVE
added 2018/07/25 6:58 a.m. | 23 views

CVE-2018-6174

Integer overflows in Swiftshader in Google Chrome prior to 68.0.3440.75 potentially allowed a remote attacker to execute arbitrary code via a crafted HTML page...

8.8 CVSS | 5.1 AI score | 0.01904 EPSS
Exploits 0 | References 2

Tenable Nessus
added 2018/07/24 12:00 a.m. | 40 views

SUSE SLES11 Security Update : procps (SUSE-SU-2018:2042-1)

This update for procps fixes the following security issues : - CVE-2018-1122: Prevent local privilege escalation in top. If a user ran top with HOME unset in an attacker-controlled directory, the attacker could have achieved privilege escalation by exploiting one of several vulnerabilities in the...

9.8 CVSS | 7.7 AI score | 0.03312 EPSS
Exploits 9 | References 12

Tenable Nessus
added 2018/07/23 12:00 a.m. | 28 views

Debian DLA-1438-1 : opencv security update

Early versions of opencv have problems while reading data, which might result in either buffer overflows, out-of-bounds errors or integer overflows. Further assertion errors might happen due to incorrect integer cast. For Debian 8 'Jessie', these problems have been fixed in version...

8.8 CVSS | 6.6 AI score | 0.03513 EPSS
Exploits 5 | References 19

Debian
added 2018/07/22 10:43 a.m. | 28 views

[SECURITY] [DLA 1438-1] opencv security update

Package : opencv Version : 2.4.9.1+dfsg-1+deb8u2 CVE ID : CVE-2016-1516 CVE-2017-12597 CVE-2017-12598 CVE-2017-12599 CVE-2017-12601 CVE-2017-12603 CVE-2017-12604 CVE-2017-12605 CVE-2017-12606 CVE-2017-12862 CVE-2017-12863 CVE-2017-12864 CVE-2017-14136 CVE-2017-17760 CVE-2017-1000450 CVE-2018-5268...

8.8 CVSS | 8.3 AI score | 0.03513 EPSS
Exploits 5

OpenVAS
added 2018/07/19 12:00 a.m. | 31 views

Debian: Security Advisory (DLA-1433-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.6 CVSS | 7.8 AI score | 0.01487 EPSS
Exploits 1 | References 3

Tenable Nessus
added 2018/07/03 12:00 a.m. | 43 views

EulerOS 2.0 SP2 : procps-ng (EulerOS-SA-2018-1198)

According to the versions of the procps-ng package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - procps-ng, procps: Integer overflows leading to heap overflow in file2strvec CVE-2018-1124 - procps-ng, procps: incorrect integer size in...

9.8 CVSS | 7.2 AI score | 0.03312 EPSS
Exploits 9 | References 6

OpenVAS
added 2018/06/30 12:00 a.m. | 34 views

openSUSE: Security Advisory for procps (openSUSE-SU-2018:1848-1)

The remote host is missing an update for the Copyright (C) 2018 Greenbone Networks GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

9.8 CVSS | 7.8 AI score | 0.03312 EPSS
Exploits 9 | References 2

IBM Security Bulletins
added 2018/06/17 3:12 p.m. | 35 views

Security Bulletin: IBM Tivoli Monitoring (CVE-2015-1829, CVE-2015-3183, CVE-2015-1283, CVE-2015-4947, CVE-2015-2808)

Summary IBM Tivoli Monitoring utilizes the IBM HTTP Server (IHS) as the default HTTP server for the portal server. IBM HTTP Server is affected by the following CVEs as listed below: CVE-2015-1829, CVE-2015-3183, CVE-2015-1283, CVE-2015-4947, CVE-2015-2808. Vulnerability Details CVEID: CVE-2015-1829...

9 CVSS | 0.6 AI score | 0.24118 EPSS
Exploits 0 | Affected Software 1

IBM Security Bulletins
added 2018/06/17 3:10 p.m. | 34 views

Security Bulletin: A security vulnerability has been identified in WebSphere Application Server shipped with IBM Tivoli System Automation for Multiplatforms (CVE-2015-1283)

Summary WebSphere Application Server is shipped as a component of IBM Tivoli System Automation for Multiplatforms. Information about a security vulnerability affecting WebSphere Application Server has been published in a security bulletin. Vulnerability Details CVEID: CVE-2015-1283 DESCRIPTION:...

7.5 CVSS | 0.9 AI score | 0.05614 EPSS
Exploits 0 | Affected Software 1

IBM Security Bulletins
added 2018/06/15 7:04 a.m. | 32 views

Security Bulletin: Multiple vulnerabilities in IBM HTTP Server affect IBM API Management (CVE-2015-4947 CVE-2015-1283 CVE-2015-1788)

Summary There are multiple vulnerabilities in IBM HTTP Server 8.5.5.4 that is used by IBM API Management. IBM API Management has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2015-4947 DESCRIPTION: IBM HTTP Server Administration Server could be vulnerable to a stack buffer...

9 CVSS | 1.7 AI score | 0.15914 EPSS
Exploits 6 | Affected Software 1

RedhatCVE
added 2018/06/13 9:27 p.m. | 29 views

CVE-2018-12264

Exiv2 0.26 has integer overflows in LoaderTiff::getData in preview.cpp, leading to an out-of-bounds read in Exiv2::ValueType::setDataArea in value.hpp...

8.8 CVSS | 3.5 AI score | 0.00734 EPSS
Exploits 1 | References 2

NVD
added 2018/06/13 11:29 a.m. | 19 views

CVE-2018-12264

Exiv2 0.26 has integer overflows in LoaderTiff::getData in preview.cpp, leading to an out-of-bounds read in Exiv2::ValueType::setDataArea in value.hpp...

8.8 CVSS | 6.5 AI score | 0.00734 EPSS
Exploits 1 | References 8

OSV
added 2018/06/13 11:29 a.m. | 2 views

PYSEC-2018-131

Exiv2 0.26 has integer overflows in LoaderTiff::getData in preview.cpp, leading to an out-of-bounds read in Exiv2::ValueType::setDataArea in value.hpp...

8.8 CVSS | 7 AI score
Exploits 0 | References 8

Cvelist
added 2018/06/13 11:00 a.m. | 18 views

CVE-2018-12264

Exiv2 0.26 has integer overflows in LoaderTiff::getData in preview.cpp, leading to an out-of-bounds read in Exiv2::ValueType::setDataArea in value.hpp...

6.5 AI score | 0.00734 EPSS
Exploits 1 | References 8

CVE
added 2018/06/13 11:00 a.m. | 184 views

CVE-2018-12264

Exiv2 0.26 contains an integer overflow in LoaderTiff::getData() (preview.cpp), leading to an out-of-bounds read in Exiv2::ValueType::setDataArea (value.hpp). Exploitation could cause crashes or memory corruption. The vulnerability is addressed in later Exiv2 revisions (e.g., upgrade to the 0.27....

8.8 CVSS | 7 AI score | 0.00734 EPSS
Exploits 1 | References 8 | Affected Software 1

UbuntuCve
added 2018/06/13 12:00 a.m. | 23 views

CVE-2018-12264

Exiv2 0.26 has integer overflows in LoaderTiff::getData in preview.cpp, leading to an out-of-bounds read in Exiv2::ValueType::setDataArea in value.hpp...

8.8 CVSS | 6.8 AI score | 0.00734 EPSS
Exploits 1 | References 3

Tenable Nessus
added 2018/06/12 12:00 a.m. | 48 views

Amazon Linux 2 : procps-ng (ALAS-2018-1031)

Multiple integer overflows leading to heap corruption flaws were discovered in file2strvec. These vulnerabilities can lead to privilege escalation for a local attacker who can create entries in procfs by starting processes, which will lead to crashes or arbitrary code execution in proc utilities...

9.8 CVSS | 7.1 AI score | 0.0049 EPSS
Exploits 6 | References 3