Race condition

The updatedimensions function in libavcodec/vp8.c in FFmpeg through 2.8.1, as used in Google Chrome before 46.0.2490.71 and other products, relies on a coefficient-partition count during multi-threaded operation, which allows remote attackers to cause a denial of service race condition and memory...

CVE-2015-6761

FFmpeg CVE-2015-6761 affects libavcodec/vp8.c (update_dimensions) up to FFmpeg 2.8.1, used by Chrome prior to 46.0.2490.71. Root cause: multi-threaded operation relying on a coefficient-partition count, enabling a race condition that can lead to memory corruption or DoS via crafted WebM files. Mi...

CVE-2015-6761

The updatedimensions function in libavcodec/vp8.c in FFmpeg through 2.8.1, as used in Google Chrome before 46.0.2490.71 and other products, relies on a coefficient-partition count during multi-threaded operation, which allows remote attackers to cause a denial of service race condition and memory...

[SECURITY] [DLA 322-1] commons-httpclient security update

Package : commons-httpclient Version : 3.1-9+deb6u2 CVE ID : CVE-2015-5262 Trevin Beattie 1 discovered an issue where one could observe hanging threads in a multi-threaded Java application. After debugging the issue, it became evident that the hanging threads were caused by the SSL initialization...

DLA-322-1 commons-httpclient - security update

Bulletin has no description...

[SECURITY] Fedora 21 Update: mariadb-10.0.21-1.fc21

MariaDB is a community developed branch of MySQL. MariaDB is a multi-user, multi-threaded SQL database server. It is a client/server implementation consisting of a server daemon mysqld and many different client programs and libraries. The base package contains the standard MariaDB/MySQL client...

Important: Red Hat Security Advisory: rh-mariadb100-mariadb security update

Updated rh-mariadb100-mariadb packages that fix several security issues are now available for Red Hat Software Collections 2. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity...

[SECURITY] Fedora 21 Update: community-mysql-5.6.26-1.fc21

MySQL is a multi-user, multi-threaded SQL database server. MySQL is a client/server implementation consisting of a server daemon mysqld and many different client programs and libraries. The base package contains the standard MySQL client programs and generic MySQL files...

[SECURITY] Fedora 23 Update: community-mysql-5.6.26-1.fc23

MySQL is a multi-user, multi-threaded SQL database server. MySQL is a client/server implementation consisting of a server daemon mysqld and many different client programs and libraries. The base package contains the standard MySQL client programs and generic MySQL files...

Pupils with EasyFuzzer 1.0 mining software vulnerabilities-vulnerability warning-the black bar safety net

EasyFuzzer is a new fuzzing tool. Currently only supports the file format of the fuzzy test. Features: easy, streamlined, efficient, and intelligent. Easy: very easy to use, does not need any configuration. With his elementary students can also dig vulnerability, don't worry there is no 0day...

MGASA-2015-0246 Updated openssl package fixes security vulnerabilities

A vulnerability in the TLS protocol allows a man-in-the-middle attacker to downgrade vulnerable TLS connections using ephemeral Diffie-Hellman key exchange to 512-bit export-grade cryptography. This vulnerability is known as Logjam CVE-2015-4000. When processing an ECParameters structure OpenSSL...

OpenSSL: Race condition handling NewSessionTicket

A race condition was found in the session handling code of OpenSSL. This issue could possibly cause a multi-threaded TLS/SSL client using OpenSSL to double free session ticket data and crash...

Debian Security Advisory DSA 3287-1 (openssl - security update)

Multiple vulnerabilities were discovered in OpenSSL, a Secure Sockets Layer toolkit. CVE-2014-8176 Praveen Kariyanahalli, Ivan Fratric and Felix Groebert discovered that an invalid memory free could be triggered when buffering DTLS data. This could allow remote attackers to cause a denial of...

DEBIAN-CVE-2015-1791

Race condition in the ssl3getnewsessionticket function in ssl/s3clnt.c in OpenSSL before 0.9.8zg, 1.0.0 before 1.0.0s, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b, when used for a multi-threaded client, allows remote attackers to cause a denial of service double free and application crash or...

CVE-2015-1791

Race condition in the ssl3getnewsessionticket function in ssl/s3clnt.c in OpenSSL before 0.9.8zg, 1.0.0 before 1.0.0s, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b, when used for a multi-threaded client, allows remote attackers to cause a denial of service double free and application crash or...

OpenSSL 1.0.1 < 1.0.1n Multiple Vulnerabilities

The version of OpenSSL installed on the remote host is prior to 1.0.1n. It is, therefore, affected by multiple vulnerabilities as referenced in the 1.0.1n advisory. - The dofreeupto function in crypto/cms/cmssmime.c in OpenSSL before 0.9.8zg, 1.0.0 before 1.0.0s, 1.0.1 before 1.0.1n, and 1.0.2...

Ubuntu 14.04 LTS : OpenSSL vulnerabilities (USN-2639-1)

The remote Ubuntu 14.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-2639-1 advisory. Praveen Kariyanahalli, Ivan Fratric and Felix Groebert discovered that OpenSSL incorrectly handled memory when buffering DTLS data. A remote attacker cou...

CVE-2015-1791

Race condition in the ssl3getnewsessionticket function in ssl/s3clnt.c in OpenSSL before 0.9.8zg, 1.0.0 before 1.0.0s, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b, when used for a multi-threaded client, allows remote attackers to cause a denial of service double free and application crash or...

EUVD-2015-1917

Race condition in the ssl3getnewsessionticket function in ssl/s3clnt.c in OpenSSL before 0.9.8zg, 1.0.0 before 1.0.0s, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b, when used for a multi-threaded client, allows remote attackers to cause a denial of service double free and application crash or...

OpenSSL 0.9.8 < 0.9.8zg Multiple Vulnerabilities

The version of OpenSSL installed on the remote host is prior to 0.9.8zg. It is, therefore, affected by multiple vulnerabilities as referenced in the 0.9.8zg advisory. - The dofreeupto function in crypto/cms/cmssmime.c in OpenSSL before 0.9.8zg, 1.0.0 before 1.0.0s, 1.0.1 before 1.0.1n, and 1.0.2...