1879 matches found

Tenable Nessus
added 2015/07/23 12:0 a.m. | 39 views

RHEL 6 : libxml2 (RHSA-2015:1419)

Updated libxml2 packages that fix one security issue and one bug are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Low security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is...

CVSS: 5 | AI score: 6.8 | EPSS: 0.02045
Exploits: 0 | References: 3

RedHat Linux
added 2015/07/20 2:6 p.m. | 37 views

Low: Red Hat Security Advisory: libxml2 security and bug fix update

Updated libxml2 packages that fix one security issue and one bug are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Low security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is...

CVSS: 5 | AI score: 6.7 | EPSS: 0.02045
Exploits: 0 | References: 2

RedHat Linux
added 2015/07/17 8:4 a.m. | 2 views

OpenJDK: DnsClient fails to release request information after error (JNDI, 8075378)

It was discovered that the JNDI component in OpenJDK did not handle DNS resolution errors correctly. An attacker able to trigger such DNS errors could cause a Java application using JNDI to consume memory and CPU time, and possibly block further DNS resolution...

CVSS: 4.3 | AI score: 6.7 | EPSS: 0.05451
Exploits: 0 | References: 5

RedHat Linux
added 2015/07/17 8:3 a.m. | 0 views

OpenJDK: DnsClient fails to release request information after error (JNDI, 8075378)

It was discovered that the JNDI component in OpenJDK did not handle DNS resolution errors correctly. An attacker able to trigger such DNS errors could cause a Java application using JNDI to consume memory and CPU time, and possibly block further DNS resolution...

CVSS: 4.3 | AI score: 6.7 | EPSS: 0.05451
Exploits: 0 | References: 5

Cisco
added 2015/06/29 5:26 p.m. | 31 views

Cisco Headend System Releases Denial of Service Vulnerability

A vulnerability in Cisco Headend System Releases could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to the software's inability to recover memory after certain usage situations. An attacker could exploit this vulnerability by...

CVSS: 5 | AI score: 6.9 | EPSS: 0.00851
Exploits: 0 | References: 1

Cisco
added 2015/06/29 4:52 p.m. | 32 views

Cisco Headend System Releases Denial of Service Vulnerability

A vulnerability in Cisco Headend System Releases could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to the software's inability to recover memory after certain usage situations. An attacker could exploit this vulnerability by...

CVSS: 5 | AI score: 6.5 | EPSS: 0.00851
Exploits: 0 | References: 1

n0where
added 2015/06/02 5:2 p.m. | 65 views

Portable Penetration Testing Distribution for Windows: PentestBox

PentestBox is not like other penetration testing distributions, which run on virtual machines. It was created because more than 70% of penetration testing distribution users use Windows, and it provides an efficient platform for penetration testing on Windows. It provides all security tools as a...

AI score: 7.5
Exploits: 0

Cisco
added 2015/05/29 9:35 p.m. | 26 views

Multiple Cisco Products TCP Flood Denial of Service Vulnerability

A vulnerability in the TCP module of multiple Cisco products could allow an unauthenticated, remote attacker to disable TCP ports and cause an increase in CPU and memory usage, resulting in a denial of service (DoS) condition. The vulnerability is due to a lack of rate limiting in the TCP listener...

CVSS: 5 | AI score: 6.6 | EPSS: 0.00851
Exploits: 0 | References: 1

Tenable Nessus
added 2015/05/15 12:0 a.m. | 33 views

OracleVM 3.3 : kernel-uek (OVMSA-2015-0060)

The remote OracleVM system is missing necessary patches to address critical security updates : - crypto: aesni - fix memory usage in GCM decryption Stephan Mueller Orabug: 21077385 CVE-2015-3331 - xen/pciback: Don't disable PCI_COMMAND on PCI device reset. Konrad Rzeszutek Wilk Orabug: 20807438...

CVSS: 9.3 | AI score: 6.8 | EPSS: 0.0411
Exploits: 0 | References: 8

RedHat Linux
added 2015/05/14 3:14 p.m. | 2 views

apache-poi: entity expansion (billion laughs) flaw

It was found that Apache POI would expand an unlimited number of entities in OOXML documents. A remote attacker able to supply OOXML documents that are parsed by Apache POI could use this flaw to trigger a denial of service attack via excessive CPU and memory consumption...

CVSS: 4.3 | AI score: 7.3 | EPSS: 0.12569
Exploits: 0 | References: 4

Tenable Nessus
added 2015/05/14 12:0 a.m. | 294 views

Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2015-3035)

The remote Oracle Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2015-3035 advisory. - crypto: aesni - fix memory usage in GCM decryption Stephan Mueller Orabug: 21077385 CVE-2015-3331 - xen/pciback: Don't disable PCI_COMMAND on PCI...

CVSS: 9.3 | AI score: 6.9 | EPSS: 0.0411
Exploits: 0 | References: 3

Oracle linux
added 2015/05/13 12:0 a.m. | 60 views

Unbreakable Enterprise kernel security and bugfix update

kernel-uek 3.8.13-68.2.2 - crypto: aesni - fix memory usage in GCM decryption Stephan Mueller Orabug: 21077385 CVE-2015-3331 3.8.13-68.2.1 - xen/pciback: Don't disable PCI_COMMAND on PCI device reset. Konrad Rzeszutek Wilk Orabug: 20807438 CVE-2015-2150 - xen-blkfront: fix accounting of reqs when...

CVSS: 9.3 | AI score: 0.6 | EPSS: 0.0411
Exploits: 0

Tenable Nessus
added 2015/05/04 12:0 a.m. | 10 views

Fedora 21 : mksh-50f-1.fc21 (2015-6550)

"R50f is a required security and bugfix release : - Add a patch marker for vendor patch versioning to mksh.1 - SECURITY: make unset HISTFILE actually work - Document some more issues with the current history code - Remove some unused code - RCSID-only sync with OpenBSD, for bogus and irrelevant...

AI score: 5.6
Exploits: 0 | References: 1

OSV
added 2015/05/03 12:19 a.m. | 7 views

MGASA-2015-0177 Updated subversion packages fix security vulnerabilities

Updated subversion packages fix security vulnerabilities: Subversion HTTP servers with FSFS repositories are vulnerable to a remotely triggerable excessive memory use with certain REPORT requests (CVE-2015-0202). Subversion mod_dav_svn and svnserve are vulnerable to a remotely triggerable assertion D...

CVSS: 7.8 | AI score: 9.3 | EPSS: 0.15803
Exploits: 0 | References: 5

Tenable Nessus
added 2015/04/13 12:0 a.m. | 22 views

Fedora 21 : varnish-4.0.3-3.fc21 (2015-4079)

This update fixes a bug triggered by a bogus content-length header. Under special circumstances, it could crash a varnishd subthread. New upstream release. A bugfix release. Highlights from the changelog : - 26 reported bugs fixed. - Replaced objects are now expired immediately, instead of kept...

AI score: 5.6
Exploits: 0 | References: 3

Tenable Nessus
added 2015/03/25 12:0 a.m. | 18 views

Fedora 22 : varnish-4.0.3-3.fc22 (2015-4063)

Added an update that fixes a bug triggered by a bogus content-length header. Under special circumstances, it could crash a varnishd subthread. New upstream release. A bugfix release. Highlights from the changelog : - 26 reported bugs fixed. - Replaced objects are now expired immediately, instead of...

AI score: 5.6
Exploits: 0 | References: 3

Tenable Nessus
added 2015/03/10 12:0 a.m. | 29 views

Oracle Linux 7 : pcre (ELSA-2015-0330)

The remote Oracle Linux 7 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2015-0330 advisory. - Fix CVE-2014-8964 unused memory usage on zero-repeat assertion condition bug 1169797 Tenable has extracted the preceding description block directly from the...

CVSS: 5 | AI score: 6.9 | EPSS: 0.02057
Exploits: 0 | References: 2

Oracle linux
added 2015/03/09 12:0 a.m. | 41 views

pcre security and enhancement update

8.32-14 - Fix CVE-2014-8964 unused memory usage on zero-repeat assertion condition bug 1169797 8.32-13 - Disable unsupported JIT mode on little-endian 64-bit PowerPC platform bug 1125642 - Raise optimization level to 3 on little-endian 64-bit PowerPC bug 1123498...

CVSS: 5 | AI score: 1.2 | EPSS: 0.02057
Exploits: 0

RedHat Linux
added 2015/02/03 5:10 p.m. | 43 views

Important: Red Hat Security Advisory: kernel security update

Updated kernel packages that fix three security issues are now available for Red Hat Enterprise Linux 6.2 Advanced Update Support. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity...

CVSS: 7.8 | AI score: 6.6 | EPSS: 0.0912
Exploits: 3 | References: 4

Tenable Nessus
added 2015/01/14 12:0 a.m. | 39 views

RHEL 6 : kernel (RHSA-2015:0043)

Updated kernel packages that fix three security issues and several bugs are now available for Red Hat Enterprise Linux 6.4 Extended Update Support. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give...

CVSS: 7.8 | AI score: 6.5 | EPSS: 0.0912
Exploits: 3 | References: 7