SuSE 11.2 Security Update : Java 1.6.0 (SAT Patch Number 7332)

java-160-openjdk based on Icedtea6-1.12.2 was released, fixing various security issues : New in release 1.12.2 2012-02-03 : - Security fixes - S6563318, CVE-2013-0424: RMI data sanitization - S6664509, CVE-2013-0425: Add logging context - S6664528, CVE-2013-0426: Find log level matching its name ...

java-1_6_0-openjdk to 1.12.1 (important)

OpenJDK java-160-openjdk was updated to 1.12.1 to fix bugs and security issues bnc801972 Security fixes on top of 1.12.0 - S6563318, CVE-2013-0424: RMI data sanitization - S6664509, CVE-2013-0425: Add logging context - S6664528, CVE-2013-0426: Find log level matching its name or value given at...

java-1_6_0-openjdk to 1.12.2 (important)

OpenJDK java-160-openjdk was updated to 1.12.2 to fix bugs and security issues bnc801972 Security fixes on top of 1.12.0 - S6563318, CVE-2013-0424: RMI data sanitization - S6664509, CVE-2013-0425: Add logging context - S6664528, CVE-2013-0426: Find log level matching its name or value given at...

Mandriva Linux Security Advisory : java-1.6.0-openjdk (MDVSA-2013:010)

Multiple security issues were identified and fixed in OpenJDK icedtea6 : - S6563318, CVE-2013-0424: RMI data sanitization - S6664509, CVE-2013-0425: Add logging context - S6664528, CVE-2013-0426: Find log level matching its name or value given at construction time - S6776941: CVE-2013-0427: Impro...

Fedora 16 : java-1.7.0-openjdk-1.7.0.9-2.3.5.3.fc16 (2013-2188)

The update contains the following security fixes : - S6563318, CVE-2013-0424: RMI data sanitization - S6664509, CVE-2013-0425: Add logging context - S6664528, CVE-2013-0426: Find log level matching its name or value given at construction time - S6776941: CVE-2013-0427: Improve thread pool shutdow...

Fedora 16 : java-1.6.0-openjdk-1.6.0.0-69.1.11.6.fc16 (2013-1898)

Rewritten java-1.6.0-openjdk-java-access-bridge-security.patch - Updated to icedtea6 1.11.6 - Security fixes - S6563318, CVE-2013-0424: RMI data sanitization - S6664509, CVE-2013-0425: Add logging context - S6664528, CVE-2013-0426: Find log level matching its name or value given at construction...

ArrowChat 1.5.61 - Multiple Vulnerabilities

ArrowChat 1.5.61 - Multiple Vulnerabilities Exploit Title: ArrowChat ?do=" enctype="multipart/form-data" --------------------...

CVE-2012-5145

Use-after-free vulnerability in Google Chrome before 24.0.1312.52 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to SVG layout...

CVE-2012-5145

Use-after-free vulnerability in Google Chrome before 24.0.1312.52 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to SVG layout...

Design/Logic Flaw

Use-after-free vulnerability in Google Chrome before 24.0.1312.52 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to SVG layout...

CVE-2012-5145

Technical details about CVE-2012-5145 are not publicly available in the provided documents; monitor for updates.

CVE-2012-5145

Removed by vendor...

About Shellcodes in C

This is a follow up of our previous introductory post about shellcodes. Here we aim for coding more complex shellcodes directly in C. We'll mostly use default tools like gcc and as, at the end also a small python script to reorder and pack things. We'll play with linux but the concepts and script...

FreeBSD : chromium -- multiple vulnerabilities (46bd747b-5b84-11e2-b06d-00262d5ed8ee)

Google Chrome Releases reports : 162494 High CVE-2012-5145: Use-after-free in SVG layout. Credit to Atte Kettunen of OUSPG. 165622 High CVE-2012-5146: Same origin policy bypass with malformed URL. Credit to Erling A Ellingsen and Subodh Iyengar, both of Facebook. 165864 High CVE-2012-5147:...

RedHat Update for thunderbird RHSA-2013:0145-01

The remote host is missing an update for the SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...

CentOS Update for firefox CESA-2013:0144 centos6

The remote host is missing an update for the SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...

Stable Channel Update

The Chrome team is excited to announce the promotion of Chrome 24 to the stable channel. Chrome 24.0.1312.52 has been updated for Windows, Mac, Linux, and Chrome Frame. This is the first Stable release with support for MathML, thanks to WebKit volunteer Dave Barton. This release also contains an...

About shellcodes

In this post we have documented a beginners introduction to shellcode writing. We go from zero to a super simple shellcode using tools you may find already installed in any serious operating system. If you are looking for a digested and more mature way of generating shellcode you should check...

Mozilla: Address space layout leaked in XBL objects (MFSA 2013-11)

The XBL.proto.toString implementation in Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.2, and SeaMonkey before 2.15 makes it easier for remote attackers to bypass the ASLR...

Mozilla: Address space layout leaked in XBL objects (MFSA 2013-11)

The XBL.proto.toString implementation in Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.2, and SeaMonkey before 2.15 makes it easier for remote attackers to bypass the ASLR...