81 matches found
SUSE-SU-2018:2302-1 Security update for glibc
This update for glibc fixes the following issues: Security issue fixed: - CVE-2018-11236: Fix 32bit arch integer overflow in stdlib/canonicalize.c when processing very long pathname arguments bsc1094161. Bug fixes: - bsc1086690: Fix crash in resolver on memory allocation failure. - bsc1077763: Fi...
SUSE-SU-2018:0857-1 Security update for ImageMagick
This update for ImageMagick fixes several issues. These security issues were fixed: - CVE-2018-8804: The WriteEPTImage function allowed remote attackers to cause a denial of service double free and application crash or possibly have unspecified other impact via a crafted file bsc1086011. -...
SUSE-SU-2018:0722-1 Security update for libid3tag
This update for libid3tag fixes the following issues: - CVE-2004-2779 CVE-2017-11551: Fixed id3utf16deserialize in utf16.c, which previously misparsed ID3v2 tags encoded in UTF-16 with an odd number of bytes, triggering an endless loop allocating memory until OOM leading to DoS. bsc1081959...
MGASA-2017-0460 Updated java-1.8.0-openjdk packages fix security vulnerabilities
Multiple flaws were discovered in the RMI and Hotspot components in OpenJDK. An untrusted Java application or applet could use these flaws to completely bypass Java sandbox restrictions. CVE-2017-10285, CVE-2017-10346 It was discovered that the Kerberos client implementation in the Libraries...
SUSE-SU-2017:1603-1 Security update for netpbm
This update for netpbm fixes the following issues: Security bugs: CVE-2017-2586: A NULL pointer dereference in stringToUint function could lead to a denial of service abort problem when processing malformed images. bsc1024292 CVE-2017-2581: A out-of-bounds write in writeRasterPbm could be used by...
MGASA-2017-0058 Updated netpbm packages fix security vulnerability
Version 10.73.07 fixes security vulnerabilities: Out-of-bounds write in writeRasterPbm CVE-2017-2581 Out-of-bounds read in expandCodeOntoStack CVE-2017-2579 Out-of-bounds write of heap data in addPixelToRaster CVE-2017-2580 Null pointer dereference in stringToUint CVE-2017-2586 Insufficient size...
SUSE-SU-2016:3107-1 Security update for libass
This update for libass fixes the following issues: CVE-2016-7969, CVE-2016-7970, CVE-2016-7971, CVE-2016-7972: Fixed multiple memory allocation issues found by fuzzing bsc1002982...
SUSE-SU-2016:2725-1 Security update for xen
This update for xen fixes several issues. These security issues were fixed: - CVE-2016-7094: Buffer overflow in Xen allowed local x86 HVM guest OS administrators on guests running with shadow paging to cause a denial of service via a pagetable update bsc995792 - CVE-2016-7092: The getpagefroml3e...
SUSE-SU-2015:2195-1 Security update for gdk-pixbuf
The gdk pixbuf library was updated to fix three security issues. These security issues were fixed: - CVE-2015-7673: Fix some more overflows scaling a gif bsc948791 - CVE-2015-4491: Check for overflow before allocating memory when scaling bsc942801 - CVE-2015-7673: Fix an overflow and DoS when...
CVE-2013-1992
Multiple integer overflows in X.org libdmx 1.1.2 and earlier allow X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the 1 DMXGetScreenAttributes, 2 DMXGetWindowAttributes, and 3 DMXGetInputAttributes functions...
CVE-2013-1981
Multiple integer overflows in X.org libX11 1.5.99.901 1.6 RC1 and earlier allow X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the 1 XQueryFont, 2 XF86BigfontQueryFont, 3 XListFontsWithInfo, 4 XGetMotionEvents, 5 XListHosts, 6...
CVE-2008-3520
Multiple integer overflows in JasPer 1.900.1 might allow context-dependent attackers to have an unknown impact via a crafted image file, related to integer multiplication for memory allocation...
USN-31-1: cyrus21-imapd vulnerabilities
Stefan Esser discovered several buffer overflows in the Cyrus IMAP server. Due to insufficient checking within the argument parser of the "partial" and "fetch" commands, an argument like "bodyp" was detected as "body.peek". This could cause a buffer overflow which could be exploited to execute...
GLSA-200410-23 : Gaim: Multiple vulnerabilities
The remote host is affected by the vulnerability described in GLSA-200410-23 Gaim: Multiple vulnerabilities A possible buffer overflow exists in the code processing MSN SLP messages CAN-2004-0891. memcpy was used without validating the size of the buffer, and an incorrect buffer was used as...
Gaim: Multiple vulnerabilities
Background Gaim is a full featured instant messaging client which handls a variety of instant messaging protocols. Description A possible buffer overflow exists in the code processing MSN SLP messages CAN-2004-0891. memcpy was used without validating the size of the buffer, and an incorrect buffe...
Mandrake Linux Security Advisory : file (MDKSA-2003:030-1)
A memory allocation problem in file was found by Jeff Johnson, and a stack overflow corruption problem was found by David Endler. These problems have been corrected in file version 3.41 and likely affect all previous version. These problems pose a security threat as they can be used to execute...
OpenLinux: Multiple vulnerabilities have reported in Ethereal 0.9.12
To: [email protected] [email protected] [email protected] [email protected] -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SCO Security Advisory Subject: OpenLinux: Multiple vulnerabilities have reported in Ethereal 0.9.12 Advisory number:...
CVE-2003-0778
saned in sane-backends 1.0.7 and earlier, and possibly later versions, does not properly allocate memory in certain cases, which could allow attackers to cause a denial of service memory consumption...
Moderate: Red Hat Security Advisory: : Updated ethereal packages are available
Updated ethereal packages are available which fix several security problems. Ethereal is a package designed for monitoring network traffic on your system. Several security issues have been found in Ethereal: Due to improper string and error handling in Ethereal's ASN.1 parser, it is possible for ...
PT-2002-1419 · Ethereal · Ethereal
Name of the Vulnerable Software and Affected Versions: Ethereal versions 0.9.2 and earlier Description: The issue is related to the ASN.1 parser, which can be exploited by remote attackers to cause a denial of service crash via a certain malformed packet. This occurs because Ethereal allocates...