java-1.7.0-openjdk security update

1:1.7.0.101-2.6.6.1.0.1 - Update DISTRONAME in specfile 1:1.7.0.101-2.6.6.1 - added Patch666 fontpath.patch to fix tck regressions - Resolves: rhbz1325425 1:1.7.0.101-2.6.6.0 - Fix ztos handling in templateTableppc64.cpp to be same as others in 7. - Resolves: rhbz1325425 1:1.7.0.101-2.6.6.0 - Bum...

Qemu Information Disclosure Vulnerability (CNVD-2016-02391)

QEMU is a suite of analog processor software. A vulnerability in Qemu's kvmvapic.c when using Task Priority Register TPR optimization allows a local attacker to exploit the vulnerability to obtain host-sensitive information...

UBUNTU-CVE-2016-4020

The patchinstruction function in hw/i386/kvmvapic.c in QEMU does not initialize the imm32 variable, which allows local guest OS administrators to obtain sensitive information from host stack memory by accessing the Task Priority Register TPR...

UBUNTU-CVE-2016-1922

QEMU aka Quick Emulator built with the TPR optimization for 32-bit Windows guests support is vulnerable to a null pointer dereference flaw. It occurs while doing I/O port write operations via hmp interface. In that, 'currentcpu' remains null, which leads to the null pointer dereference. A user or...

October 2015 Adobe Acrobat Adobe Acrobat Patches

Adobe is expected next week to patch critical vulnerabilities in Acrobat and Reader. The company today gave advanced notification of the impending updates to both products. The patches will be released on Tuesday, which figures to be a busy day for system administrators given that Microsoft will...

CVE-2015-1538

Integer overflow in the SampleTable::setSampleToChunkParams function in SampleTable.cpp in libstagefright in Android before 5.1.1 LMY48I allows remote attackers to execute arbitrary code via crafted atoms in MP4 data that trigger an unchecked multiplication, aka internal bug 20139950, a related...

The vulnerability of the Adobe AIR software platform allows a perpetrator to increase the execution priority of a process from low to medium.

The vulnerability of the Adobe AIR software platform is related to deficiencies in access control for certain functions. Exploiting this vulnerability allows a malicious actor to increase the execution priority of processes from low to medium...

The vulnerability of the Flash Player software allows a violator to increase the execution priority of the process from low to medium.

The vulnerability of the Flash Player software is related to deficiencies in access control for certain functions. Exploiting this vulnerability allows a malicious actor to increase the priority of execution of processes from low to medium level...

The vulnerability of the Flash Player software allows a violator to increase the priority of the execution process from low to medium.

The vulnerability of the Flash Player software is related to deficiencies in access control for certain functions. Exploiting this vulnerability allows a malicious actor to increase the priority of execution of processes from low to medium level...

The vulnerability of the Adobe AIR software platform allows a perpetrator to increase the execution priority of a process from low to medium.

The vulnerability of the Adobe AIR software platform is related to deficiencies in access control for certain functions. Exploiting this vulnerability allows a malicious actor to increase the execution priority of processes from low to medium...

[SECURITY] Fedora 21 Update: condor-8.3.6-1.fc21

HTCondor is a workload management system for high-throughput and high-performance jobs. Like other full-featured batch systems, HTCondor provides a job queueing mechanism, scheduling policy, priority scheme, resource monitoring, and resource management. Users submit their serial or parallel jobs ...

Tor Cloud Shut Down Amid Lack of Support

The Tor Project has shuttered its cloud proxy service citing security vulnerabilities, usability bugs and a lack of resources. Tor offers its users the capacity to surf the Web anonymously, bouncing traffic through a series of relay servers so that no observer at any point can tell where that...

java-1.8.0-openjdk security update

1:1.8.0.45-30.b13 - repacked sources - Resolves: RHBZ1209076 1:1.8.0.45-7.b13 - Re-add %name prefix to patches to avoid conflicts with OpenJDK 7 versions. - Remove ppc64le test case now fix has been verified. - Resolves: rhbz1194378 1:1.8.0.45-27.b13 - updated to security u45 - minor sync with 7....

openSUSE Security Update : MozillaFirefox / MozillaThunderbird / mozilla-nspr (openSUSE-2015-290)

Mozilla Firefox and Thunderbird were updated to fix several important vulnerabilities. Mozilla Firefox was updated to 37.0.1. Mozilla Thunderbird was updated to 31.6.0. mozilla-nspr was updated to 4.10.8 as a dependency. The following vulnerabilities were fixed in Mozilla Firefox : - Miscellaneou...

Security update for MozillaFirefox, MozillaThunderbird, mozilla-nspr (important)

Mozilla Firefox and Thunderbird were updated to fix several important vulnerabilities. Mozilla Firefox was updated to 37.0.1. Mozilla Thunderbird was updated to 31.6.0. mozilla-nspr was updated to 4.10.8 as a dependency. The following vulnerabilities were fixed in Mozilla Firefox: Miscellaneous...

OracleVM 2.2 : ntp (OVMSA-2015-0002)

The remote OracleVM system is missing necessary patches to address critical security updates : - don't generate weak control key for resolver CVE-2014-9293 - don't generate weak MD5 keys in ntp-keygen CVE-2014-9294 - fix buffer overflows via specially-crafted packets CVE-2014-9295 - increase...

December 2014 Adobe Flash, Reader, Acrobat, ColdFusion Patch

As expected, Adobe today patched a vulnerability in Adobe Reader disclosed last week by Google’s Project Zero. What was unexpected was a Flash Player update that includes a patch for a vulnerability being exploited in the wild, Adobe said. Adobe had announced last Thursday in its pre-notification...

The Windows Kerberos vulnerability details becoming clearer-vulnerability warning-the black bar safety net

The day before yesterday, Microsoft's unconventional update fixes a particularly serious defect: any login to the domain where the users can be their own elevated privileges to other users privileges, even including the domain administrator privileges. The author from the pre-notification informe...

Amazon Linux AMI : rsyslog (ALAS-2014-445)

A flaw was found in the way rsyslog handled invalid log message priority values. In certain configurations, a local attacker, or a remote attacker able to connect to the rsyslog port, could use this flaw to crash the rsyslog daemon. CVE-2014-3634 C Tenable Network Security, Inc. The descriptive...

Medium: rsyslog

Issue Overview: A flaw was found in the way rsyslog handled invalid log message priority values. In certain configurations, a local attacker, or a remote attacker able to connect to the rsyslog port, could use this flaw to crash the rsyslog daemon. CVE-2014-3634 Affected Packages: rsyslog Issue...