92 matches found
ruby security update
1.8.7.352-4 - Address CVE-2011-4815 'DoS excessive CPU use via hash meet-in-the-middle attacks oCERT-2011-003' ruby-1.8.7-p352-CVE-2011-4815.patch - Resolves: rhbz768831...
ruby security update
1.8.5-22.1 - Properly initialize the random number generator when forking new process ruby-1.8.7-CVE-2011-3009.patch - Related: rhbz768829 1.8.5-21.1 - Revert accidential move of tcl/tk libraries. - Related: rhbz768829 1.8.5-20.1 - Address CVE-2011-4815 "DoS excessive CPU use via hash...
FreeBSD : Multiple implementations -- DoS via hash algorithm collision (91be81e7-3fea-11e1-afc7-2c4138874f7d)
oCERT reports : A variety of programming languages suffer from a denial-of-service DoS condition against storage functions of key/value pairs in hash data structures, the condition can be leveraged by exploiting predictable collisions in the underlying hashing algorithms. The issue finds particul...
php, php53 security update
CentOS Errata and Security Advisory CESA-2012:0019 Updated php53 and php packages that fix two security issues are now available for Red Hat Enterprise Linux 5 and 6 respectively. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability...
Moderate: Red Hat Security Advisory: php53 and php security update
Updated php53 and php packages that fix two security issues are now available for Red Hat Enterprise Linux 5 and 6 respectively. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed...
n.runs-SA-2011.004 - web programming languages and platforms - DoS through hash table
n.runs AG http://www.nruns.com/ securityatnruns.com n.runs-SA-2011.004 28-Dec-2011 Vendors: PHP, http://www.php.net Oracle, http://www.oracle.com Microsoft, http://www.microsoft.com Python, http://www.python.org Ruby, http://www.ruby.org Google, http://www.google.com Affected Products: PHP 4 and ...
CVE-2011-4815 ruby: hash table collisions CPU usage DoS (oCERT-2011-003)
Ruby aka CRuby before 1.8.7-p357 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service CPU consumption via crafted input to an application that maintains a hash table...
[oCERT-2011-001] Chyrp input sanitization errors
2011-001 Chyrp input sanitization errors Description: The Chyrp framework, an open source blogging engine, suffers from cross-site scripting XSS and local file inclusion LFI vulnerabilities. Insufficient input sanitization on the parameters passed to pages related to administration settings, the...
Mandriva Linux Security Advisory : pidgin (MDVSA-2010:041)
Multiple security vulnerabilities has been identified and fixed in pidgin : Certain malformed SLP messages can trigger a crash because the MSN protocol plugin fails to check that all pieces of the message are set correctly CVE-2010-0277. In a user in a multi-user chat room has a nickname containi...
[Suspected Spam][oCERT-2009-019] Ganeti path sanitization errors
2009-019 Ganeti path sanitization errors Description: Ganeti, an open source virtualisation manager, suffers from an input validation bug that poses a security risk. The vulnerability applies to the commands submitted, either locally via gnt- commands or remotely via the HTTP API, to the machine...
KDE -- multiple vulnerabilities
oCERT reports: Ark input sanitization errors: The KDE archiving tool, Ark, performs insufficient validation which leads to specially crafted archive files, using unknown MIME types, to be rendered using a KHTML instance, this can trigger uncontrolled XMLHTTPRequests to remote sites. IO Slaves inp...
[oCERT-2009-015] KDE multiple issues
2009-015 KDE multiple issues Description: KDE, an open source desktop environment, suffers from several bugs that pose a security risk. The oCERT team was contacted by Portcullis Security requesting help in handling a series of issues reported to the KDE project back in July 2007. Because of an...
[oCERT-2009-016] Poppler, xpdf integer overflow during heap allocation
2009-016 Poppler, Xpdf integer overflows during heap allocation Description: Poppler and Xpdf are two popular open source projects for processing PDF files. Both projects are vulnerable to an integer overflow during heap memory allocation when processing a PDF file. In general, this results in...
Google Plugs Android Security Holes
Google has shipped a new version of the Android open-source mobile phone platform to fix a pair of security flaws that could lead to denial-of-service attacks. According to an advisory from oCERT, a group that handles vulnerability disclosure for open-source projects, the flaws could allow hacker...
[oCERT-2009-010] mimeTeX and mathTeX buffer overflows and command injection
2009-010 mimeTeX and mathTeX buffer overflows and command injection Description: The mimeTeX and mathTeX CGIs are widely used helper executables that allow mathematical equation rendering in the form of images. Both applications suffer from several buffer overflows as well as command injection...
[oCERT-2009-012] libtiff tools integer overflows
2009-012 libtiff tools integer overflows Description: The libtiff image library tools suffer from integer overflows which may lead to a potentially exploitable heap overflow and result in arbitrary code execution. The libtiff package ships a library, for reading and writing TIFF, as well as a sma...
[oCERT-2009-008] Dillo integer overflow
2009-008 Dillo integer overflow Description: Dillo, an open source graphical web browser, suffers from an integer overflow which may lead to a potentially exploitable heap overflow and result in arbitrary code execution. The vulnerability is triggered by HTML pages with embedded PNG images, the...
[oCERT-2009-007] FCKeditor input sanitization errors
2009-007 FCKeditor input sanitization errors Description: FCKeditor, a web based open source HTML text editor, suffers from a remote file upload vulnerability. The input of several connector modules is not properly verified before being used, this leads to exposure of the contents of arbitrary...
[oCERT-2009-009] CamlImages integer overflows
2009-009 CamlImages integer overflows Description: CamlImages, an open source image processing library, suffers from several integer overflows which may lead to a potentially exploitable heap overflow and result in arbitrary code execution. The vulnerability is triggered by PNG image parsing, the...
[oCERT-2009-004] AjaxTerm session id collision
2009-004 AjaxTerm session id collision Description: AjaxTerm, an open source web based terminal, uses a form of random session id generation which can lead to remote session hijacking. The ajaxterm.js script allocates session ids on the client side using the following method: var...