
2514 matches found

UbuntuCve
added 2016/11/16 12:0 a.m., 29 views

CVE-2016-5296

A heap-buffer-overflow in Cairo when processing SVG content caused by compiler optimization, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird 45.5, Firefox ESR 45.5, and Firefox 50...

7.5 CVSS, 7.1 AI score, 0.0257 EPSS
Exploits: 0, References: 4

OSV
added 2016/11/16 12:0 a.m., 0 views

UBUNTU-CVE-2016-5296

A heap-buffer-overflow in Cairo when processing SVG content caused by compiler optimization, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird 45.5, Firefox ESR 45.5, and Firefox 50...

7.5 CVSS, 7.2 AI score, 0.0257 EPSS
Exploits: 0, References: 5

Hacker One
added 2016/11/12 8:25 p.m., 16 views

shopify-scripts: Segfault in mruby, mruby_engine and the parent MRI Ruby due to null pointer dereference

Introduction ============ Certain valid Ruby programs are able to cause a segmentation fault in mruby through a null pointer dereference, which in turn leads to a crash in mruby_engine and the parent MRI Ruby process. Proof of concept ================ crash.rb: --------- def method yield end method&...

6.7 AI score
Exploits: 0

Tenable Nessus
added 2016/11/09 12:0 a.m., 36 views

F5 Networks BIG-IP : Multiple LibTIFF vulnerabilities (K35155453)

CVE-2015-8683 The putcontig8bitCIELab function in tifgetimage.c in LibTIFF 4.0.6 allows remote attackers to cause a denial of service out-of-bounds read via a packed TIFF image. CVE-2015-8665 tifgetimage.c in LibTIFF 4.0.6 allows remote attackers to cause a denial of service out-of-bounds read vi...

8.8 CVSS, 7 AI score, 0.02075 EPSS
Exploits: 2, References: 10

Oracle linux
added 2016/11/09 12:0 a.m., 75 views

glibc security update

2.17-157 - Rebuild with updated binutils 1268008 2.17-156 - malloc arena free free list management fix 1276753 2.17-155 - Basic validity check for locale-archive.tmpl 1350733 2.17-153 - Add Intel AVX-512 optimized routines 1298526. 2.17-151 - Improve malloc performance in low-memory situations...

8.1 CVSS, 8.3 AI score, 0.93905 EPSS
Exploits: 17

Tenable Nessus
added 2016/11/09 12:0 a.m., 28 views

F5 Networks BIG-IP : LibTIFF vulnerabilities (K89096577)

CVE-2016-5314 Buffer overflow in the PixarLogDecode function in tifpixarlog.c in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service application crash or possibly have unspecified other impact via a crafted TIFF image, as demonstrated by overwriting the vgetparent...

8.8 CVSS, 7.2 AI score, 0.01026 EPSS
Exploits: 1, References: 4

Tenable Nessus
added 2016/11/09 12:0 a.m., 42 views

openSUSE Security Update : mariadb (openSUSE-2016-1274)

This update for mariadb to 10.0.27 fixes the following issues : - release notes : - https://kb.askmonty.org/en/mariadb-10027-release-notes - https://kb.askmonty.org/en/mariadb-10026-release-notes - changelog : - https://kb.askmonty.org/en/mariadb-10027-changelog -...

10 CVSS, 7.3 AI score, 0.89577 EPSS
Exploits: 16, References: 25

OPENSUSE Linux
added 2016/11/08 6:7 p.m., 60 views

Security update for mariadb (important)

This update for mariadb to 10.0.27 fixes the following issues: release notes: https://kb.askmonty.org/en/mariadb-10027-release-notes https://kb.askmonty.org/en/mariadb-10026-release-notes changelog: https://kb.askmonty.org/en/mariadb-10027-changelog...

10 CVSS, 0.3 AI score, 0.89577 EPSS
Exploits: 16, References: 14

F5 Networks
added 2016/11/08 12:0 a.m., 46 views

SOL35155453 - Multiple LibTIFF vulnerabilities

Vulnerability Recommended Actions If you are running a version listed in the Versions known to be vulnerable column, you can eliminate this vulnerability by upgrading to a version listed in the Versions known to be not vulnerable column. If the table lists only an older version than what you are...

8.8 CVSS, 1.5 AI score, 0.02075 EPSS
Exploits: 2, References: 7

n0where
added 2016/11/02 5:23 p.m., 16 views

High Throughput Fuzzer: Grr

High Throughput Fuzzer GRR is an x86 to amd64 binary translator. GRR was created to emulate and fuzz DECREE challenge binaries. GRR was created for the DARPA Cyber Grand Challenge. Features Code cache persistence avoids translation overheads across separate runs. Optimization of the code cache,...

1.5 AI score
Exploits: 0, References: 6

F5 Networks
added 2016/10/19 12:0 a.m., 41 views

SOL24923910 - LibTIFF vulnerability CVE-2016-3632

Vulnerability Recommended Actions If you are running a version listed in the Versions known to be vulnerable column, you can eliminate this vulnerability by upgrading to a version listed in the Versions known to be not vulnerable column. If the table lists only an older version than what you are...

7.8 CVSS, 2 AI score, 0.00513 EPSS
Exploits: 0, References: 4

Tenable Nessus
added 2016/10/05 12:0 a.m., 37 views

openSUSE Security Update : mariadb (openSUSE-2016-1154)

This update for mariadb to 10.0.27 fixes the following issues : Security issue fixed : - CVE-2016-6662: A malicious user with SQL and filesystem access could create a my.cnf in the datadir and, under certain circumstances, execute arbitrary code as mysql or even root user. bsc998309 - release not...

10 CVSS, 8.9 AI score, 0.89577 EPSS
Exploits: 16, References: 5

OPENSUSE Linux
added 2016/10/04 5:9 p.m., 115 views

Security update for mariadb (important)

This update for mariadb to 10.0.27 fixes the following issues: Security issue fixed: CVE-2016-6662: A malicious user with SQL and filesystem access could create a my.cnf in the datadir and, under certain circumstances, execute arbitrary code as mysql or even root user. bsc998309 release notes:...

10 CVSS, 0.8 AI score, 0.89577 EPSS
Exploits: 16, References: 2

Citrix
added 2016/10/01 12:0 a.m., 5 views

How to create a raw VDI on XenServer?

Sometimes when performance is important over other functionalities like snapshot fast clone which are provided by the VHD layer, we need to create raw VDI...

7.1 AI score
Exploits: 0

Symantec
added 2016/09/29 12:0 a.m., 185 views

Apache MyFaces Trinidad CVE-2016-5019 Remote Code Execution Vulnerability

Description Apache MyFaces Trinidad is prone to a security vulnerability. Successfully exploiting this issue allows attackers to obtain sensitive information or execute arbitrary code in the context of the affected application. Apache MyFaces Trinidad 1.2.14-core , 1.0.13-core , 2.0.1-core and...

7.5 CVSS, 1 AI score, 0.06021 EPSS
Exploits: 1, References: 4, Affected Software: 7

Tenable Nessus
added 2016/09/28 12:0 a.m., 31 views

SUSE SLED12 / SLES12 Security Update : mariadb (SUSE-SU-2016:2404-1)

This update for mariadb to 1.0.0.27 fixes the following issues: Security issue fixed : - CVE-2016-6662: A malicious user with SQL and filesystem access could create a my.cnf in the datadir and, under certain circumstances, execute arbitrary code as mysql or even root user. bsc998309 - release not...

10 CVSS, 8.9 AI score, 0.89577 EPSS
Exploits: 16, References: 7

OSV
added 2016/09/27 2:6 p.m., 4 views

SUSE-SU-2016:2395-1 Security update for mariadb

This update for mariadb to 1.0.0.27 fixes the following issues: Security issue fixed: CVE-2016-6662: A malicious user with SQL and filesystem access could create a my.cnf in the datadir and, under certain circumstances, execute arbitrary code as mysql or even root user. bsc998309 release notes:...

10 CVSS, 7.8 AI score, 0.89577 EPSS
Exploits: 16, References: 4

n0where
added 2016/08/27 8:48 p.m., 31 views

Universal Serial aBUSe: USaBUSe

Universal Serial aBUSe Universal Serial aBUSe is a project released at Defcon 24 by Rogan Dawes. The team took some fairly common attacks fake keyboards in small USB devices that type nasty things and extended them to provide us with a bi-directional binary channel over our own wifi network to gi...

7.5 AI score
Exploits: 0, References: 2

Tenable Nessus
added 2016/08/24 12:0 a.m., 38 views

Scientific Linux Security Update : kernel on SL6.x i386/x86_64 (20160823)

Security Fixes : It was found that the RFC 5961 challenge ACK rate limiting as implemented in the Linux kernel's networking subsystem allowed an off-path attacker to leak certain information about a given connection by creating congestion on the global challenge ACK rate limit counter and then...

5.8 CVSS, 6.9 AI score, 0.51991 EPSS
Exploits: 3, References: 2

Tenable Nessus
added 2016/08/24 12:0 a.m., 56 views

RHEL 6 : kernel (RHSA-2016:1664)

An update for kernel is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from th...

5.8 CVSS, 6.7 AI score, 0.51991 EPSS
Exploits: 3, References: 3