1907 matches found
MGASA-2015-0177 Updated subversion packages fix security vulnerabilities
Updated subversion packages fix security vulnerabilities: Subversion HTTP servers with FSFS repositories are vulnerable to a remotely triggerable excessive memory use with certain REPORT requests CVE-2015-0202. Subversion moddavsvn and svnserve are vulnerable to a remotely triggerable assertion D...
Fedora 21 : varnish-4.0.3-3.fc21 (2015-4079)
This update fixes a bug trigged by a bogus content-length header. Under special circumstances, it could crash a varnishd subthread. New upstream release. A bugfix release. Highlights from the changelog : - 26 reported bugs fixed. - Replaced objects are now expired immediately, instead of kept...
Fedora 22 : varnish-4.0.3-3.fc22 (2015-4063)
Added an update that fixes a bug trigged by a bogus content-length header. Under special circumstances, it could crash a varnishd subthread. New upstream release. A bugfix release. Highlights from the changelog : - 26 reported bugs fixed. - Replaced objects are now expired immediately, instead of...
Oracle Linux 7 : pcre (ELSA-2015-0330)
The remote Oracle Linux 7 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2015-0330 advisory. - Fix CVE-2014-8964 unused memory usage on zero-repeat assertion condition bug 1169797 Tenable has extracted the preceding description block directly from the...
pcre security and enhancement update
8.32-14 - Fix CVE-2014-8964 unused memory usage on zero-repeat assertion condition bug 1169797 8.32-13 - Disable unsupported JIT mode on little-endian 64-bit PowerPC platform bug 1125642 - Raise optimization level to 3 on little-endian 64-bit PowerPC bug 1123498...
Important: Red Hat Security Advisory: kernel security update
Updated kernel packages that fix three security issues are now available for Red Hat Enterprise Linux 6.2 Advanced Update Support. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity...
RHEL 6 : kernel (RHSA-2015:0043)
Updated kernel packages that fix three security issues and several bugs are now available for Red Hat Enterprise Linux 6.4 Extended Update Support. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System CVSS base scores, which give...
Amazon Linux AMI : bind (ALAS-2015-465)
A denial of service flaw was found in the way BIND followed DNS delegations. A remote attacker could use a specially crafted zone containing a large number of referrals which, when looked up and processed, would cause named to use excessive amounts of memory or crash. CVE-2014-8500 C Tenable...
Important: bind
Issue Overview: A denial of service flaw was found in the way BIND followed DNS delegations. A remote attacker could use a specially crafted zone containing a large number of referrals which, when looked up and processed, would cause named to use excessive amounts of memory or crash. CVE-2014-850...
Fedora 20 : pcre-8.33-8.fc20 (2014-16215)
This release fixes CVE-2014-8964 an unused memory usage on zero-repeat assertion condition Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible...
python2: multiple issues
CVE-2013-1752 denial of service Multiple unbound readline flaws in python stdlib were found, which can lead to excessive memory usage if a malicious or broken server sends excessively long lines without any line breaks. - CVE-2013-1753 denial of service The XMLRPC library is vulnerable to...
OracleVM 2.1 : kernel (OVMSA-2009-0017)
The remote OracleVM system is missing necessary patches to address critical security updates : CVE-2009-1895 The personality subsystem in the Linux kernel before 2.6.31-rc3 has a PERCLEARONSETID setting that does not clear the ADDRCOMPATLAYOUT and MMAPPAGEZERO flags when executing a setuid or...
F5 Networks BIG-IP : Linux kernel vulnerability (SOL15852)
The trytounmapcluster function in mm/rmap.c in the Linux kernel before 3.14.3 does not properly consider which pages must be locked, which allows local users to cause a denial of service system crash by triggering a memory-usage pattern that requires removal of page-table mappings. C Tenable...
SOL15852 - Linux kernel vulnerability CVE-2014-3122
The trytounmapcluster function in mm/rmap.c in the Linux kernel before 3.14.3 does not properly consider which pages must be locked, which allows local users to cause a denial of service system crash by triggering a memory-usage pattern that requires removal of page-table mappings. CVE-2014-3122...
Amazon Linux AMI : ruby20 (ALAS-2014-448)
The upstream patch for CVE-2014-8080 introduced checks against the REXML.entityexpansiontextlimit, but did not add restrictions to limit the number of expansions performed, i.e. checks against the REXML::Document.entityexpansionlimit. As a consequence, even with the patch applied, a small XML...
Medium: ruby21
Issue Overview: The upstream patch for CVE-2014-8080 introduced checks against the REXML.entityexpansiontextlimit, but did not add restrictions to limit the number of expansions performed, i.e. checks against the REXML::Document.entityexpansionlimit. As a consequence, even with the patch applied,...
Medium: ruby19
Issue Overview: The upstream patch for CVE-2014-8080 introduced checks against the REXML.entityexpansiontextlimit, but did not add restrictions to limit the number of expansions performed, i.e. checks against the REXML::Document.entityexpansionlimit. As a consequence, even with the patch applied,...
Oracle Linux 6 : kernel (ELSA-2014-1392)
The remote Oracle Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2014-1392 advisory. - kernel futex: Fix errors in nested key ref-counting Denys Vlasenko 1094458 CVE-2014-0205 Tenable has extracted the preceding description block direct...
Oracle Linux 5 / 6 : Unbreakable Enterprise kernel Security (ELSA-2014-3083)
The remote Oracle Linux 5 / 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2014-3083 advisory. - ALSA: control: Don't access controls outside of protected regions Lars-Peter Clausen Orabug: 19817787 CVE-2014-4653 CVE-2014-4654 CVE-2014-4655 -...
[SECURITY] Fedora 20 Update: nginx-1.4.7-3.fc20
Nginx is a web server and a reverse proxy server for HTTP, SMTP, POP3 and IMAP protocols, with a strong focus on high concurrency, performance and low memory usage...