SUSE SLED12 / SLES12 Security Update : glibc (SUSE-SU-2016:1721-1)

This update for glibc provides the following fixes : - Increase DTVSURPLUS limit. bsc968787 - Do not copy dname field of struct dirent. CVE-2016-1234, bsc969727 - Fix memory leak in nssdnsgethostbyname4r. bsc973010 - Fix stack overflow in nssdnsgetnetbynamer. CVE-2016-3075, bsc973164 - Fix malloc...

openSUSE Security Update : glibc (openSUSE-2016-852)

This update for glibc provides the following fixes : - Increase DTVSURPLUS limit. bsc968787 - Do not copy dname field of struct dirent. CVE-2016-1234, bsc969727 - Fix memory leak in nssdnsgethostbyname4r. bsc973010 - Fix stack overflow in nssdnsgetnetbynamer. CVE-2016-3075, bsc973164 - Fix malloc...

SUSE-SU-2016:1721-1 Security update for glibc

This update for glibc provides the following fixes: - Increase DTVSURPLUS limit. bsc968787 - Do not copy dname field of struct dirent. CVE-2016-1234, bsc969727 - Fix memory leak in nssdnsgethostbyname4r. bsc973010 - Fix stack overflow in nssdnsgetnetbynamer. CVE-2016-3075, bsc973164 - Fix malloc...

CVE-2016-2177

OpenSSL through 1.0.2h incorrectly uses pointer arithmetic for heap-buffer boundary checks, which might allow remote attackers to cause a denial of service integer overflow and application crash or possibly have unspecified other impact by leveraging unexpected malloc behavior, related to s3srvr....

CVE-2016-2177

OpenSSL through 1.0.2h incorrectly uses pointer arithmetic for heap-buffer boundary checks, which might allow remote attackers to cause a denial of service integer overflow and application crash or possibly have unspecified other impact by leveraging unexpected malloc behavior, related to s3srvr....

CVE-2016-2177

OpenSSL through 1.0.2h incorrectly uses pointer arithmetic for heap-buffer boundary checks, which might allow remote attackers to cause a denial of service integer overflow and application crash or possibly have unspecified other impact by leveraging unexpected malloc behavior, related to s3srvr....

openssl -- denial of service

Mitre reports: OpenSSL through 1.0.2h incorrectly uses pointer arithmetic for heap-buffer boundary checks, which might allow remote attackers to cause a denial of service integer overflow and application crash or possibly have unspecified other impact by leveraging unexpected malloc behavior,...

OpenSLP Denial of Service Vulnerability

OpenSLP Service Location Protocol is an IETF standard protocol developed by the OpenSLP project for dynamic service discovery within the Internet. The protocol supports looking up services in the network by their types and attributes. A denial of service vulnerability exists in the 'xrealloc'...

Tor: Heap corruption via memarea.c

Hello again, There is a potential vulnerability in memarea.c. common/memarea.c: c 230 void 231 memareaallocmemareat area, sizet sz 232 233 memareachunkt chunk = area-first; 234 char result; 235 torassertchunk; 236 CHECKSENTINELchunk; 237 torassertsz nextmem+sz chunk-UMEM+chunk-memsize The...

How to understand stack and heap overflow exploits-a vulnerability warning-the black bar safety net

This article is a detailed description of the heap,and will teach you how to write a heap-based overflow vulnerability. Run the following program: include include include int mainint argc, char argv char buf1 = malloc1 2 8; char buf2 = malloc2 5 6; read's filenostdin, buf1, 2 0 0; freebuf2;...

Fedora 22 : glibc-2.21-11.fc22 (2016-0480defc94)

This updates addresses a critical security vulnerability in the DNS resolver related to AFUNSPEC queries with getaddrinfo CVE-2015-7547. It also includes security fixes for CVE-2015-8777 and CVE-2015-1781. It improves malloc scalability for applications which start and terminate many threads. The...

Wireshark - print_hex_data_buffer / print_packet Use-After-Free

Source: https://code.google.com/p/google-security-research/issues/detail?id=651 The following crash due to a use-after-free condition can be observed in an ASAN build of Wireshark current git master, by feeding a malformed file to tshark "$ ./tshark -nVxr /path/to/file": --- cut --- ==14146==ERRO...

py-pillow -- Integer overflow in Resample.c

The Pillow maintainers report: If a large value was passed into the new size for an image, it is possible to overflow an int32 value passed into malloc, leading the malloc’d buffer to be undersized. These allocations are followed by a loop that writes out of bounds. This can lead to corruption on...

py-imaging, py-pillow -- Buffer overflow in PCD decoder

The Pillow maintainers report: In all versions of Pillow, dating back at least to the last PIL 1.1.7 release, PcdDecode.c has a buffer overflow error. The state.buffer for PcdDecode.c is allocated based on a 3 bytes per pixel sizing, where PcdDecode.c wrote into the buffer assuming 4 bytes per...

SUSE SLES12 Security Update : LibVNCServer (SUSE-SU-2015:2088-2)

The LibVNCServer package was updated to fix the following security issues : - bsc897031: fix several security issues : - CVE-2014-6051: Integer overflow in MallocFrameBuffer on client side. - CVE-2014-6052: Lack of malloc return value checking on client side. - CVE-2014-6053: Server crash on a ve...

openSUSE Security Update : LibVNCServer (openSUSE-2015-851)

The LibVNCServer package was updated to fix the following security issues : - bsc897031: fix several security issues : - CVE-2014-6051: Integer overflow in MallocFrameBuffer on client side. - CVE-2014-6052: Lack of malloc return value checking on client side. - CVE-2014-6053: Server crash on a ve...

Analysis of the Linux heap overflow of fastbin-vulnerability warning-the black bar safety net

Some time ago to participate in the RCTF match, encountered a stack overflow topic shaxian it. The vulnerability itself is quite obvious, but due to a heap overflow is not familiar, have not been able to find the use of the method. After reading Fudan University six star clan it is, only know it...

Debian DLA-350-1 : eglibc security update

The strxfrm function is vulnerable to integer overflows when computing memory allocation sizes similar to CVE-2012-4412. Furthermore since it fallbacks to use alloca when malloc fails, it is vulnerable to stack-based buffer overflows similar to CVE-2012-4424. Those issues have been fixed in Debia...

SUSE SLED11 / SLES11 Security Update : LibVNCServer (SUSE-SU-2015:2110-1)

The libvncserver package was updated to fix the following security issues : - bsc897031: fix several security issues : - CVE-2014-6051: Integer overflow in MallocFrameBuffer on client side. - CVE-2014-6052: Lack of malloc return value checking on client side. - CVE-2014-6053: Server crash on a ve...

ProFTPd 1.3.5a Heap Overflow Exploit

ProFTPd version 1.3.5a suffers from heap overflow vulnerabilities. =============================================== Credit: Nicholas Lemonias 0day.today Exploit Market .::PROFTPD v1.3.5a HEAP OVERFLOWS ::. ====================================================== .88888888:. 88888888.88888...