
6346 matches found

CNVD
added 2017/12/04 12:0 a.m. | 1 views

Huawei Mobile GPU Driver Memory Double Release Vulnerability

Huawei Mate 9 and Mate 9 Pro are both smartphone products from the Chinese company Huawei. The GPU driver is one of the graphics drivers used in... A double release vulnerability exists in the GPU driver in Huawei Mate 9 versions prior to MHA-AL00B 8.0.0.334C00 and Mate 9 Pro versions prior to LON-AL0...

CVSS 9.3 | AI score 7.4 | EPSS 0.00116
Exploits 0 | References 1
RedHat Linux
added 2017/11/30 4:46 p.m. | 2 views

zookeeper: Incorrect input validation with wchp/wchc four letter words

A denial of service vulnerability was discovered in ZooKeeper which allows an attacker to dramatically increase CPU utilization by abusing "wchp/wchc" commands, leading to the server being unable to serve legitimate requests...

CVSS 7.5 | AI score 7.4 | EPSS 0.17446
Exploits 0 | References 4
Ubuntu
added 2017/11/21 1:44 p.m. | 51 views

USN-3483-2: procmail vulnerability

USN-3483-1 fixed a vulnerability in procmail. This update provides the corresponding update for Ubuntu 12.04 ESM. Original advisory details: Jakub Wilk discovered that the formail tool incorrectly handled certain malformed mail messages. An attacker could use this flaw to cause formail to crash,...

CVSS 10 | AI score 8 | EPSS 0.2023
Exploits 0
Ubuntu
added 2017/11/20 6:0 p.m. | 62 views

USN-3483-1: procmail vulnerability

Jakub Wilk discovered that the formail tool incorrectly handled certain malformed mail messages. An attacker could use this flaw to cause formail to crash, resulting in a denial of service, or possibly execute arbitrary code...

CVSS 10 | AI score 8 | EPSS 0.2023
Exploits 0
Fedora
added 2017/11/11 1:46 p.m. | 31 views

[SECURITY] Fedora 27 Update: qemu-2.10.1-1.fc27

QEMU is a generic and open source processor emulator which achieves a good emulation speed by using dynamic translation. QEMU has two operating modes: Full system emulation. In this mode, QEMU emulates a full system (for example a PC), including a processor and various peripherals. It can be used ...

CVSS 7.5 | AI score 0.5 | EPSS 0.02031
Exploits 1
Fedora
added 2017/11/11 3:30 a.m. | 40 views

[SECURITY] Fedora 27 Update: qemu-2.10.1-1.fc27

QEMU is a generic and open source processor emulator which achieves a good emulation speed by using dynamic translation. QEMU has two operating modes: Full system emulation. In this mode, QEMU emulates a full system (for example a PC), including a processor and various peripherals. It can be used ...

CVSS 7.5 | AI score 0.5 | EPSS 0.02031
Exploits 1
ArchLinux
added 2017/11/08 12:0 a.m. | 41 views

[ASA-201711-15] lib32-openssl: multiple issues

Arch Linux Security Advisory ASA-201711-15
Severity: Medium
Date: 2017-11-08
CVE-ID: CVE-2017-3735 CVE-2017-3736
Package: lib32-openssl
Type: multiple issues
Remote: Yes
Link: https://security.archlinux.org/AVG-478
Summary: The package...

CVSS 6.5 | AI score 0.7 | EPSS 0.3862
Exploits 0 | References 9
Fedora
added 2017/11/07 10:20 p.m. | 49 views

[SECURITY] Fedora 26 Update: qemu-2.9.1-2.fc26

QEMU is a generic and open source processor emulator which achieves a good emulation speed by using dynamic translation. QEMU has two operating modes: Full system emulation. In this mode, QEMU emulates a full system (for example a PC), including a processor and various peripherals. It can be used ...

CVSS 8.8 | AI score 0.5 | EPSS 0.02031
Exploits 1
ArchLinux
added 2017/11/07 12:0 a.m. | 40 views

[ASA-201711-14] openssl: multiple issues

Arch Linux Security Advisory ASA-201711-14
Severity: Medium
Date: 2017-11-07
CVE-ID: CVE-2017-3735 CVE-2017-3736
Package: openssl
Type: multiple issues
Remote: Yes
Link: https://security.archlinux.org/AVG-477
Summary: The package openssl...

CVSS 6.5 | AI score 0.6 | EPSS 0.3862
Exploits 0 | References 9
OSV
added 2017/11/02 5:29 p.m. | 1 views

DEBIAN-CVE-2017-3736

There is a carry propagating bug in the x86_64 Montgomery squaring procedure in OpenSSL before 1.0.2m and 1.1.0 before 1.1.0g. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely...

CVSS 6.5 | AI score 8.7 | EPSS 0.08287
Exploits 0 | References 1
Prion
added 2017/11/02 5:29 p.m. | 28 views

Design/Logic Flaw

There is a carry propagating bug in the x86_64 Montgomery squaring procedure in OpenSSL before 1.0.2m and 1.1.0 before 1.1.0g. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely...

CVSS 4 | AI score 6.1 | EPSS 0.08287
Exploits 0 | References 27 | Affected Software 1
VulnCheck KEV
added 2017/11/01 12:0 a.m. | 1 views

VulnCheck KEV: CVE-2013-0808

Hangul Word Processor contains a buffer overflow vulnerability that can be exploited by an embedded EPS object contained in a malicious HWP document...

AI score 6.1
Exploits 0 | References 1
Tenable Nessus
added 2017/11/01 12:0 a.m. | 56 views

EulerOS 2.0 SP2 : tomcat (EulerOS-SA-2017-1262)

According to the versions of the tomcat packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities:
- A vulnerability was discovered in Tomcat's handling of pipelined requests when 'Sendfile' was used. If sendfile processing completed quickly, it...

CVSS 8.1 | AI score 7.5 | EPSS 0.9438
Exploits 35 | References 5
Tenable Nessus
added 2017/11/01 12:0 a.m. | 60 views

EulerOS 2.0 SP1 : tomcat (EulerOS-SA-2017-1261)

According to the versions of the tomcat packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities:
- A vulnerability was discovered in Tomcat's handling of pipelined requests when 'Sendfile' was used. If sendfile processing completed quickly, it...

CVSS 8.1 | AI score 7.5 | EPSS 0.9438
Exploits 35 | References 5
Tenable Nessus
added 2017/10/31 12:0 a.m. | 58 views

Scientific Linux Security Update : tomcat on SL7.x (noarch) (20171030)

Security Fixes:
- A vulnerability was discovered in Tomcat's handling of pipelined requests when 'Sendfile' was used. If sendfile processing completed quickly, it was possible for the Processor to be added to the processor cache twice. This could lead to invalid responses or information...

CVSS 8.1 | AI score 7.4 | EPSS 0.9438
Exploits 35 | References 5
RedHat Linux
added 2017/10/30 12:26 a.m. | 2 views

tomcat: Incorrect handling of pipelined requests when send file was used

A vulnerability was discovered in Tomcat's handling of pipelined requests when "Sendfile" was used. If sendfile processing completed quickly, it was possible for the Processor to be added to the processor cache twice. This could lead to invalid responses or information disclosure...

CVSS 7.5 | AI score 7.3 | EPSS 0.02275
Exploits 0 | References 4
RedHat Linux
added 2017/10/30 12:15 a.m. | 2 views

tomcat: Incorrect handling of pipelined requests when send file was used

A vulnerability was discovered in Tomcat's handling of pipelined requests when "Sendfile" was used. If sendfile processing completed quickly, it was possible for the Processor to be added to the processor cache twice. This could lead to invalid responses or information disclosure...

CVSS 7.5 | AI score 7.3 | EPSS 0.02275
Exploits 0 | References 4
Tenable Nessus
added 2017/10/26 12:0 a.m. | 41 views

openSUSE Security Update : the Linux Kernel (openSUSE-2017-1194) (KRACK)

The openSUSE Leap 42.3 kernel was updated to 4.4.92 to receive various security and bugfixes. The following security bugs were fixed:
- CVE-2017-13080: Wi-Fi Protected Access (WPA and WPA2) allowed reinstallation of the Group Temporal Key (GTK) during the group key handshake, allowing an attacker...

CVSS 7.8 | AI score 7.5 | EPSS 0.00948
Exploits 4 | References 67
OPENSUSE Linux
added 2017/10/25 3:7 p.m. | 534 views

Security update for the Linux Kernel (important)

The openSUSE Leap 42.3 kernel was updated to 4.4.92 to receive various security and bugfixes. The following security bugs were fixed:
- CVE-2017-13080: Wi-Fi Protected Access (WPA and WPA2) allowed reinstallation of the Group Temporal Key (GTK) during the group key handshake, allowing an attacker...

CVSS 6.9 | AI score 8.4 | EPSS 0.00948
Exploits 4 | References 63
UbuntuCve
added 2017/10/17 12:0 a.m. | 46 views

CVE-2017-15537

The x86/fpu (Floating Point Unit) subsystem in the Linux kernel before 4.13.5, when a processor supports the xsave feature but not the xsaves feature, does not correctly handle attempts to set reserved bits in the xstate header via the ptrace or rt_sigreturn system call, allowing local users to read...

CVSS 5.5 | AI score 6.7 | EPSS 0.00047
Exploits 0 | References 7