[SECURITY] Fedora 23 Update: nginx-1.8.1-3.fc23
Nginx is a web server and a reverse proxy server for HTTP, SMTP, POP3 and IMAP protocols, with a strong focus on high concurrency, performance and low memory usage...
OpenJDK: incorrect handling of surrogate pairs in XML attribute values (JAXP, 8143167)
It was discovered that the JAXP component in OpenJDK failed to properly handle Unicode surrogate pairs used as part of the XML attribute values. Specially crafted XML input could cause a Java application to use an excessive amount of memory when parsed...
Critical: java-1.8.0-openjdk
Issue Overview: It was discovered that the ObjectInputStream class in the Serialization component of OpenJDK failed to properly ensure thread consistency when deserializing serialized input. An untrusted Java application or applet could use this flaw to bypass Java sandbox restrictions...
A vulnerability in the Network Security Services library allows a perpetrator to trigger a service failure or exert other effects.
The vulnerability of the ssl3HandleECDHServerKeyExchange function in the Network Security Services library is related to the use of memory after it is freed. Exploiting this vulnerability could allow a malicious actor to cause service failures or other effects when establishing an SSL connection...
A vulnerability in the Ruby on Rails software platform that allows a hacker to trigger a service failure
The vulnerability in the actionpack/lib/action_dispatch/routing/route_set.rb file of the Action Pack component in the Ruby on Rails software framework is related to resource management errors. Exploiting this vulnerability could allow a malicious actor to cause service interruptions e.g., memory...
Comodo - LZMA Decoder Heap Overflow via Insufficient Parameter Checks
Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=763 The LZMA specification says the following about the memory usage of decompression: "The size of the probability model counter arrays is calculated with the...
Mozilla Firefox Denial of Service Vulnerability (CNVD-2016-01722)
Mozilla Firefox is an open source web browser developed by the Mozilla Foundation in the United States. A security vulnerability exists in versions of Mozilla Firefox prior to 45.0 for Linux-based platforms. A remote attacker can exploit this vulnerability to cause a denial of service memory...
VLC media player memory corruption vulnerability when handling wma files
VLC media player is a well-known multimedia player that can play video and audio in many formats and is widely used. A denial of service vulnerability exists in the VLC media player software when processing wma format files, which allows attackers to exploit the vulnerability to construct malform...
nghttp2: denial of service
HTTP/2 uses HPACK to compress header fields. The basic idea is that an HTTP header field is stored in the receiver with a numeric index number. The memory used by this storage is tightly constrained, and it is 4KiB by default. When the sender sends the same header field, it just sends the correspondin...
[SECURITY] Fedora 22 Update: nginx-1.8.1-1.fc22
Nginx is a web server and a reverse proxy server for HTTP, SMTP, POP3 and IMAP protocols, with a strong focus on high concurrency, performance and low memory usage...
[SECURITY] Fedora 23 Update: nginx-1.8.1-1.fc23
Nginx is a web server and a reverse proxy server for HTTP, SMTP, POP3 and IMAP protocols, with a strong focus on high concurrency, performance and low memory usage...
OpenJDK: insufficient enforcement of totalEntitySizeLimit (JAXP, 8133962)
It was discovered that the JAXP component in OpenJDK did not properly enforce the totalEntitySizeLimit limit. An attacker able to make a Java application process a specially crafted XML file could use this flaw to make the application consume an excessive amount of memory...
Medium: libxml2
Issue Overview: A denial of service flaw was found in the way the libxml2 library parsed certain XML files. An attacker could provide a specially crafted XML file that, when parsed by an application using libxml2, could cause that application to use an excessive amount of memory. The...
libxml2: denial of service processing a crafted XML document
A denial of service flaw was found in the way the libxml2 library parsed certain XML files. An attacker could provide a specially crafted XML file that, when parsed by an application using libxml2, could cause that application to use an excessive amount of memory...
openSUSE Security Update : mysql-community-server (openSUSE-2015-608)
The MySQL Community Server edition was updated to 5.6.26, fixing security issues and bugs. All changes: http://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-26.html - Fixed CVEs: CVE-2015-2617, CVE-2015-2648, CVE-2015-2611, CVE-2015-2582, CVE-2015-4752, CVE-2015-4756, CVE-2015-2643, CVE-2015-47...
Mozilla Addresses 14-Year-Old Bug in Firefox 41
Developers at Mozilla pushed out Firefox 41 this week and brought some much-needed relief to Adblock Plus users by finally fixing a 14-year-old bug in the browser. The update addresses a longstanding issue with how the browser handles memory usage by the add-on. Previously the browser created too...
IBM WebSphere Portal Denial of Service Vulnerability (CNVD-2015-06033)
IBM WebSphere Portal is a suite of enterprise portal software from IBM. The software creates a platform that connects an organization internally and externally, allowing employees, customers and suppliers to access internal data through the platform. A denial of service vulnerability exists in IB...
How to Fix Chrome Massive Memory Usage? Simply Try 'Chrome 45' for Faster Performance
Rejoice, Chrome users! Google has made major improvements to its Chrome web browser that would once again make it one of the least memory-hungry browsers on the market. Although Chrome is used by hundreds of millions of people worldwide due to its simplicity and power, most people aren't happy with...
OpenJDK: DnsClient fails to release request information after error (JNDI, 8075378)
It was discovered that the JNDI component in OpenJDK did not handle DNS resolution errors correctly. An attacker able to trigger such DNS errors could cause a Java application using JNDI to consume memory and CPU time, and possibly block further DNS resolution...