5615 matches found
[SECURITY] [DSA 4088-1] gdk-pixbuf security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4088-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff January 15, 2018 https://www.debian.org/security/faq -...
A week in security (January 8 – January 14)
It's very early in the year, yet everyone has already had a complete meltdown pun intended over a number of serious vulnerabilities found in legacy and modern microprocessors. Last week, rightly so, vendors released patches for hardware and OSes to help mitigate these threats. However, problems i...
SUSE SLED12 / SLES12 Security Update : glibc (SUSE-SU-2018:0074-1)
This update for glibc fixes the following issues : - A privilege escalation bug in the realpath function has been fixed. CVE-2018-1000001, bsc1074293 - A memory leak and a buffer overflow in the dynamic ELF loader has been fixed. CVE-2017-1000408, CVE-2017-1000409, bsc1071319 - An issue in the co...
Debian: Security Advisory (DSA-4088-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Fake Spectre and Meltdown patch pushes Smoke Loader malware
The Meltdown and Spectre bugs have generated a lot of media attention, and users have been urged to update their machines with fixes made available by various vendors. While some patches have created more issues than they fixed, we came across a particular one targeted at German users that actual...
Unspecified Vulnerability in Apache Sling JCR ContentLoader XmlReader
Apache Sling JCR ContentLoader is the United States Apache Apache Software Foundation for the Java platform for a set of open source Web framework. The framework can be in the JCR Content Repository Java Content Repository on the creation of content-oriented applications . XmlReader is one of the...
DEBIAN-CVE-2017-1000476
ImageMagick 7.0.7-12 Q16, a CPU exhaustion vulnerability was found in the function ReadDDSInfo in coders/dds.c, which allows attackers to cause a denial of service...
openSUSE Security Update : gdk-pixbuf (openSUSE-2017-1426)
This update for gdk-pixbuf provides the following fixes : - Add overflow checks when creating pixbuf structures in general - Fix arithmetic overflow in the BMP loader bsc1053417 - Adds support for BMPv3 with bitmasks bsc1053417 This update was imported from the SUSE:SLE-12-SP2:Update update...
SUSE SLED12 / SLES12 Security Update : gdk-pixbuf (SUSE-SU-2017:3441-1)
This update for gdk-pixbuf provides the following fixes : - Add overflow checks when creating pixbuf structures in general - Fix arithmetic overflow in the BMP loader bsc1053417 - Adds support for BMPv3 with bitmasks bsc1053417 Note that Tenable Network Security has extracted the preceding...
SUSE-SU-2017:3441-1 Security update for gdk-pixbuf
This update for gdk-pixbuf provides the following fixes: - Add overflow checks when creating pixbuf structures in general - Fix arithmetic overflow in the BMP loader bsc1053417 - Adds support for BMPv3 with bitmasks bsc1053417...
UBUNTU-CVE-2017-17788
In GIMP 2.8.22, there is a stack-based buffer over-read in xcfloadstream in app/xcf/xcf.c when there is no '\0' character after the version string...
OpenJDK: insufficient loader constraints checks for invokespecial (Hotspot, 8180711)
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE subcomponent: Hotspot. Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple...
GNU C Library Dynamic Loader glibc ld.so - Memory Leak / Buffer Overflow
Qualys Security Advisory Buffer overflow in glibc's ld.so ======================================================================== Contents ======================================================================== Summary Memory Leak Buffer Overflow Exploitation Acknowledgments...
PT-2017-3532
Name of the Vulnerable Software and Affected Versions: glibc version 2.1.1 Description: The issue is related to a memory leak in glibc that can be triggered and amplified through the LD HWCAP MASK environment variable. It is associated with errors in resource management in the dynamic loader ld.s...
Process Doppelgänging: New Malware Evasion Technique Works On All Windows Versions
A team of security researchers has discovered a new malware evasion technique that could help malware authors defeat most of the modern antivirus solutions and forensic tools. Dubbed Process Doppelgänging, the new fileless code injection technique takes advantage of a built-in Windows function an...
OpenJDK: insufficient loader constraints checks for invokespecial (Hotspot, 8180711)
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE subcomponent: Hotspot. Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple...
USN-3497-1 openjdk-7 vulnerabilities
It was discovered that the Smart Card IO subsystem in OpenJDK did not properly maintain state. An attacker could use this to specially construct an untrusted Java application or applet to gain access to a smart card, bypassing sandbox restrictions. CVE-2017-10274 Gaston Traberg discovered that th...
OpenJDK: insufficient loader constraints checks for invokespecial (Hotspot, 8180711)
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE subcomponent: Hotspot. Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple...
OpenJDK: insufficient loader constraints checks for invokespecial (Hotspot, 8180711)
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE subcomponent: Hotspot. Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple...
OpenJDK: insufficient loader constraints checks for invokespecial (Hotspot, 8180711)
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE subcomponent: Hotspot. Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple...