Fedora 27 : glibc (2017-fb5e227432)
This update fixes minor security bugs CVE-2017-17426, CVE-2017-15804, contains single-threaded optimizations for malloc, and increases compatibility with IBM POWER 9 hardware. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system...
Updated curl packages fix security vulnerability
If cookie state is written into a cookie jar file that is later read back and used for subsequent requests, a malicious HTTP server can inject new cookies for arbitrary domains into said cookie jar. The issue pertains to the function that loads cookies into memory, which reads the specified file...
CVE-2017-17426
The malloc function in the GNU C Library (aka glibc or libc6) 2.26 could return a memory block that is too small if an attempt is made to allocate an object whose size is close to SIZE_MAX, potentially leading to a subsequent heap overflow. This occurs because the per-thread cache (aka tcache) feature...
GNU C Library integer overflow vulnerability (CNVD-2018-00256)
The GNU C Library (a.k.a. glibc, libc6) is an open-source, free C language compiler released under the LGPL license. An integer overflow vulnerability exists in the 'malloc' function in version 2.26 of the GNU C Library, which stems from the program returning a small block of memory. No information...
Integer overflow
The malloc function in the GNU C Library (aka glibc or libc6) 2.26 could return a memory block that is too small if an attempt is made to allocate an object whose size is close to SIZE_MAX, potentially leading to a subsequent heap overflow. This occurs because the per-thread cache (aka tcache) feature...
CVE-2017-17426
CVE-2017-17426 affects the GNU C Library (glibc/libc6) up to version 2.26. The heap overflow arises from an integer overflow check missing in the per-thread cache (tcache) path when allocating an object near SIZE_MAX, potentially allowing code execution. Exploitation details are not provided in t...
CVE-2017-17426
The malloc function in the GNU C Library (aka glibc or libc6) 2.26 could return a memory block that is too small if an attempt is made to allocate an object whose size is close to SIZE_MAX, potentially leading to a subsequent heap overflow. This occurs because the per-thread cache (aka tcache) feature...
UBUNTU-CVE-2017-17426
The malloc function in the GNU C Library (aka glibc or libc6) 2.26 could return a memory block that is too small if an attempt is made to allocate an object whose size is close to SIZE_MAX, potentially leading to a subsequent heap overflow. This occurs because the per-thread cache (aka tcache) feature...
FreeBSD : varnish -- information disclosure vulnerability (17133e7e-d764-11e7-b5af-a4badb2f4699)
Varnish reports: A wrong if statement in the varnishd source code means that synthetic objects in stevedores which over-allocate, may leak up to page size of data from a malloc(3) memory allocation. (C) Tenable Network Security, Inc. The descriptive text and package checks in thi...
SWFTools Denial of Service Vulnerability (CNVD-2017-37437)
SWFTools is a utility toolset for working with Adobe Flash files (SWF files). A security vulnerability exists in the 'wav_convert2mono' function in the lib/wav.c file in SWFTools version 0.9.2, which stems from the program's failure to properly restrict multiplication in malloc calls. The...
CVE-2017-16868
In SWFTools 0.9.2, the wav_convert2mono function in lib/wav.c does not properly restrict a multiplication within a malloc call, which allows remote attackers to cause a denial of service (integer overflow and NULL pointer dereference) via a crafted WAV file...
Integer overflow
The image_alloc function in bpgenc.c in libbpg 0.9.7 has an integer overflow, with a resultant invalid malloc and NULL pointer dereference...
CVE-2017-13136
The image_alloc function in bpgenc.c in libbpg 0.9.7 has an integer overflow, with a resultant invalid malloc and NULL pointer dereference...
CVE-2017-13136
The image_alloc function in bpgenc.c in libbpg 0.9.7 has an integer overflow, with a resultant invalid malloc and NULL pointer dereference...
CVE-2017-13136
The CVE-2017-13136 issue affects the libbpg 0.9.7 image encoder (bpgenc.c) where an integer overflow in image_alloc allows an invalid malloc and NULL pointer dereference. Public records (NVD/CNVD/CVE records) describe a potential denial of service via memory corruption/backreference and related h...
SWFTools Denial of Service Vulnerability (CNVD-2017-36499)
SWFTools is a utility toolset for working with Adobe Flash files (SWF files). A security vulnerability exists in the 'wav_convert2mono' function in the lib/wav.c file in SWFTools version 0.9.2, which stems from the program failing to properly validate WAV data. A remote attacker can exploit this...
CVE-2017-16793
The wav_convert2mono function in lib/wav.c in SWFTools 0.9.2 does not properly validate WAV data, which allows remote attackers to cause a denial of service (incorrect malloc and heap-based buffer overflow) or possibly have unspecified other impact via a crafted file...
CVE-2017-16793
Removed by vendor...
Internet Bug Bounty: CVE-2017-13090 wget heap smash
The retr.c:fd_read_body() function is called when processing OK responses. When the response is sent chunked in wget before 1.19.2, the chunk parser uses strtol() to read each chunk's length, but doesn't check that the chunk length is a non-negative number. The code then tries to read the chunk in piec...
Design/Logic Flaw
The retr.c:fd_read_body() function is called when processing OK responses. When the response is sent chunked in wget before 1.19.2, the chunk parser uses strtol() to read each chunk's length, but doesn't check that the chunk length is a non-negative number. The code then tries to read the chunk in piec...