92 matches found
CentOS 6 / 7 : jasper (CESA-2014:2021)
Updated jasper packages that fix three security issues are now available for Red Hat Enterprise Linux 6 and 7. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity ratings, are...
[oCERT-2014-009] JasPer input sanitization errors
2014-009 JasPer input sanitization errors Description: The JasPer project is an open source implementation for the JPEG-2000 codec. The library is affected by two heap-based buffer overflows which can lead to arbitrary code execution. The vulnerability is present in functions jpcdeccpsetfromcox a...
Oracle Linux 6 / 7 : libvncserver (ELSA-2014-1826)
The remote Oracle Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2014-1826 advisory. - Fix CVE-2014-6051 integer overflow in screen size handling bug 1157668 - Fix CVE-2014-6052 NULL pointer dereference in framebuffer setup bug...
Moderate: Red Hat Security Advisory: kdenetwork security update
Updated kdenetwork packages that fix three security issues are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity ratings, are available...
libvncserver security update
CentOS Errata and Security Advisory CESA-2014:1826 Updated libvncserver packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6 and 7. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System CVSS ba...
Moderate: Red Hat Security Advisory: libvncserver security update
Updated libvncserver packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6 and 7. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity ratings, ar...
[oCERT-2014-005] LPAR2RRD input sanitization errors
2014-005 LPAR2RRD input sanitization errors Description: LPAR2RRD is a performance monitoring and capacity planning software for IBM Power Systems. LPAR2RRD generates historical, future trends and nearly "real-time" CPU utilization graphs of LPAR's and shared CPU usage. Insufficient input...
e2fsprogs -- buffer overflow if s_first_meta_bg too big
Theodore Ts'o reports: If sfirstmetabg is greater than the of number block group descriptor blocks, then reading or writing the block group descriptors will end up overruning the memory buffer allocated for the descriptors. The finding is credited to a vulnerability report from Jose Duart of Goog...
Important: Red Hat Security Advisory: ruby193-libyaml security update
Updated ruby193-libyaml packages that fix two security issues are now available for Red Hat Enterprise Linux OpenStack Platform 3.0. The Red Hat Security Response Team has rated this update as having Important security impact. Common Vulnerability Scoring System CVSS base scores, which give...
Important: Red Hat Security Advisory: libyaml security update
Updated libyaml packages that fix two security issues are now available for Red Hat Enterprise Linux OpenStack Platform 3. The Red Hat Security Response Team has rated this update as having Important security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severi...
Important: Red Hat Security Advisory: libyaml security update
Updated libyaml packages that fix two security issues are now available for Red Hat Enterprise Linux OpenStack Platform 4. The Red Hat Security Response Team has rated this update as having Important security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severi...
LibYAML input sanitization errors
oCERT reports: The LibYAML project is an open source YAML 1.1 parser and emitter written in C. The library is affected by a heap-based buffer overflow which can lead to arbitrary code execution. The vulnerability is caused by lack of proper expansion for the string passed to the...
Oracle Linux 4 : php (ELSA-2012-0071)
From Red Hat Security Advisory 2012:0071 : Updated php packages that fix several security issues are now available for Red Hat Enterprise Linux 4. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System CVSS base scores, whi...
Oracle Linux 5 : ruby (ELSA-2012-0070)
The remote Oracle Linux 5 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2012-0070 advisory. - Properly initialize the random number generator when forking new process ruby-1.8.7-CVE-2011-3009.patch - Related: rhbz768829 Tenable has extracted t...
Oracle Linux 6 : ruby (ELSA-2012-0069)
The remote Oracle Linux 6 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2012-0069 advisory. - Address CVE-2011-4815 'DoS excessive CPU use via hash meet-in-the-middle attacks oCERT-2011-003' ruby-1.8.7-p352-CVE-2011-4815.patch Tenable has extracted the...
RHEL 5 / 6 : jbossweb (RHSA-2012:0074)
The remote Redhat Enterprise Linux 5 / 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2012:0074 advisory. - tomcat: Multiple weaknesses in HTTP DIGEST authentication CVE-2011-1184, CVE-2011-5062, CVE-2011-5063, CVE-2011-5064 - tomcat: securit...
Moderate: Red Hat Security Advisory: Fuse Management Console 7.1.0 update
Fuse Management Console 7.1.0, which fixes one security issue, various bugs, and adds enhancements, is now available from the Red Hat Customer Portal. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System CVSS base score...
Moderate: Red Hat Security Advisory: Fuse MQ Enterprise 7.1.0 update
Fuse MQ Enterprise 7.1.0, which fixes one security issue, various bugs, and adds enhancements, is now available from the Red Hat Customer Portal. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System CVSS base score, whi...
[oCERT-2012-001] multiple implementations denial-of-service via MurmurHash algorithm collision
2012-001 multiple implementations denial-of-service via MurmurHash algorithm collision Description: A variety of programming languages suffer from a denial-of-service DoS condition against storage functions of key/value pairs in hash data structures, the condition can be leveraged by exploiting...
CVE-2012-5370 jruby: Murmur hash function collisions (oCERT-2012-001)
JRuby computes hash values without properly restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service CPU consumption via crafted input to an application that maintains a hash table, as demonstrated by a universal...