81 matches found
[ASA-201701-5] lib32-libpng: denial of service
Arch Linux Security Advisory ASA-201701-5 ========================================= Severity: Low Date : 2017-01-02 CVE-ID : CVE-2016-10087 Package : lib32-libpng Type : denial of service Remote : Yes Link : https://security.archlinux.org/AVG-120 Summary ======= The package lib32-libpng before...
[ASA-201612-17] lib32-flashplugin: multiple issues
Arch Linux Security Advisory ASA-201612-17 ========================================== Severity: Critical Date : 2016-12-15 CVE-ID : CVE-2016-7867 CVE-2016-7868 CVE-2016-7869 CVE-2016-7870 CVE-2016-7871 CVE-2016-7872 CVE-2016-7873 CVE-2016-7874 CVE-2016-7875 CVE-2016-7876 CVE-2016-7877 CVE-2016-78...
[ASA-201611-27] lib32-libtiff: multiple issues
Arch Linux Security Advisory ASA-201611-27 ========================================== Severity: Critical Date : 2016-11-25 CVE-ID : CVE-2010-2596 CVE-2014-8127 CVE-2014-8130 CVE-2015-7313 CVE-2015-8665 CVE-2015-8668 CVE-2015-8683 CVE-2016-3186 CVE-2016-3619 CVE-2016-3620 CVE-2016-3621 CVE-2016-36...
[ASA-201611-12] lib32-gdk-pixbuf2: arbitrary code execution
Arch Linux Security Advisory ASA-201611-12 ========================================== Severity: Critical Date : 2016-11-03 CVE-ID : CVE-2016-6352 Package : lib32-gdk-pixbuf2 Type : arbitrary code execution Remote : Yes Link : https://wiki.archlinux.org/index.php/CVE Summary ======= The package...
[ASA-201611-4] lib32-curl: multiple issues
Arch Linux Security Advisory ASA-201611-4 ========================================= Severity: High Date : 2016-11-02 CVE-ID : CVE-2016-8615 CVE-2016-8616 CVE-2016-8617 CVE-2016-8618 CVE-2016-8619 CVE-2016-8621 CVE-2016-8623 CVE-2016-8624 CVE-2016-8625 Package : lib32-curl Type : multiple issues...
[ASA-201610-19] lib32-flashplugin: arbitrary code execution
Arch Linux Security Advisory ASA-201610-19 ========================================== Severity: Critical Date : 2016-10-26 CVE-ID : CVE-2016-7855 Package : lib32-flashplugin Type : arbitrary code execution Remote : Yes Link : https://wiki.archlinux.org/index.php/CVE Summary ======= The package...
[ASA-201609-28] lib32-openssl: denial of service
Arch Linux Security Advisory ASA-201609-28 ========================================== Severity: Medium Date : 2016-09-27 CVE-ID : CVE-2016-7052 Package : lib32-openssl Type : denial of service Remote : Yes Link : https://wiki.archlinux.org/index.php/CVE Summary ======= The package lib32-openssl...
[ASA-201609-26] lib32-gnutls: certificate verification bypass
Arch Linux Security Advisory ASA-201609-26 ========================================== Severity: Medium Date : 2016-09-26 CVE-ID : CVE-2016-7444 Package : lib32-gnutls Type : certificate verification bypass Remote : Yes Link : https://wiki.archlinux.org/index.php/CVE Summary ======= The package...
[ASA-201609-18] lib32-curl: denial of service
Arch Linux Security Advisory ASA-201609-18 ========================================== Severity: Low Date : 20916-09-20 CVE-ID : CVE-2016-7167 Package : lib32-curl Type : denial of service Remote : Yes Link : https://wiki.archlinux.org/index.php/CVE Summary ======= The package lib32-curl before...
[ASA-201609-17] lib32-jansson: denial of service
Arch Linux Security Advisory ASA-201609-17 ========================================== Severity: Medium Date : 2016-09-20 CVE-ID : CVE-2016-4425 Package : lib32-jansson Type : denial of service Remote : Yes Link : https://wiki.archlinux.org/index.php/CVE Summary ======= The package lib32-jansson...
lib32-glibc: denial of service
CVE-2016-3075 denial of service The getnetbyname implementation in nssdns contains a potentially unbounded alloca call in the form of a call to strdupa, leading to a stack overflow stack exhaustion and a crash if getnetbyname is invoked on a very long name. - CVE-2016-5417 denial of service The...
lib32-glibc: denial of service
clntudpcall allocates a buffer, using alloca, to store the payload of an incoming socket error. If a malicious server floods the client with crafted ICMP and UDP packets, this can cause the client to allocate sufficiently many such temporary buffers to cause a stack frame overflow denial of...
lib32-expat: multiple issues
CVE-2012-6702 predictable random numbers It was found that when calling XMLParse ahead of rand, it causes the pseudo random generator to generate non-random predictable numbers. - CVE-2016-5300 denial of service It was found that original fix for CVE-2012-0876 used too little entropy for the hash...
lib32-flashplugin: arbitrary code execution
CVE-2016-0963 CVE-2016-0993 CVE-2016-1010 arbitrary code execution Integer overflow vulnerabilities that could lead to code execution. - CVE-2016-0987 CVE-2016-0988 CVE-2016-0990 CVE-2016-0991 CVE-2016-0994 CVE-2016-0995 CVE-2016-0996 CVE-2016-0997 CVE-2016-0998 CVE-2016-0999 CVE-2016-1000...
lib32-libssh2: man-in-the-middle
There is a bits/bytes confusion bug resulting in generation of a significantly short ephemeral secret for the diffie-hellman-group1 and diffie-hellman-group14 key exchange methods. The resulting secret is 128 bits long, instead of the recommended sizes of 1024 and 2048 bits respectively. There ar...
lib32-glibc: multiple issues
CVE-2015-7547 arbitrary code execution A stack-based buffer overflow was found in the way the libresolv library performed dual A/AAAA DNS queries. A remote attacker could create a specially crafted DNS response which could cause libresolv to crash or, potentially, execute code with the...
lib32-libsndfile: multiple issues
CVE-2014-9496 unspecified impact The sd2parsersrcfork function in sd2.c in lib32-libsndfile allows attackers to have unspecified impact via vectors related to a 1 map offset or 2 rsrc marker, which triggers an out-of-bounds read. - CVE-2014-9756 denial of service The psffwrite function in...
lib32-nettle: improper cryptographic calculations
CVE-2015-8803 CVE-2015-8804 CVE-2015-8805 improper cryptographic calculations It has been discovered that multiple carry propagation bugs are producing wrong results in calculations. They affect the NIST P-256 and P-384 curves. The P-256 bug is in the C code and affects multiple architectures...
lib32-curl: authentication bypass
A vulnerability was found in a way libcurl uses NTLM-authenticated proxy connections. Libcurl will reuse NTLM-authenticated proxy connections without properly making sure that the connection was authenticated with the same credentials as set for this transfer. Since NTLM-based authentication is...
lib32-libpng: multiple issues
CVE-2015-7981 out-of-bounds read This is an array indexing error, which can lead to an out-of-bounds read of a static buffer. The result is now unsigned no longer negative, but now a huge positive number. - CVE-2015-8126 arbitrary code execution Buffer overflow vulnerabilities in functions...