2395 matches found

Fedora
added 2016/12/27 3:52 p.m. | 60 views

[SECURITY] Fedora 25 Update: community-mysql-5.7.17-1.fc25

MySQL is a multi-user, multi-threaded SQL database server. MySQL is a client/server implementation consisting of a server daemon (mysqld) and many different client programs and libraries. The base package contains the standard MySQL client programs and generic MySQL files...

6.8 CVSS | 2.7 AI score | 0.01357 EPSS
Exploits: 16

0day.today
added 2016/12/19 12:0 a.m. | 57 views

Apport 2.x (Ubuntu Desktop 12.10 < 16.04) - Local Code Execution Exploit

Exploit for linux platform in category local exploits. Both of these issues were reported to the Apport maintainers and a fix was released on 2016-12-14. The CrashDB code injection issue can be tracked with CVE-2016-9949 and the path traversal bug with CVE-2016-9950. An additional problem where...

9.3 CVSS | 6.8 AI score | 0.0981 EPSS
Exploits: 8

exploitpack
added 2016/12/14 12:0 a.m. | 48 views

Apport 2.x (Ubuntu Desktop 12.10 < 16.04) - Local Code Execution

Apport 2.x (Ubuntu Desktop 12.10 < 16.04) - Local Code Execution. Both of these issues were reported to the Apport maintainers and a fix was released on 2016-12-14. The CrashDB code injection issue can be tracked with CVE-2016-9949 and the path traversal bug with CVE-2016-9950. An additional problem...

9.3 CVSS | 7.1 AI score | 0.0981 EPSS
Exploits: 8

Exploit DB
added 2016/12/14 12:0 a.m. | 63 views

Apport 2.x (Ubuntu Desktop 12.10 < 16.04) - Local Code Execution

Both of these issues were reported to the Apport maintainers and a fix was released on 2016-12-14. The CrashDB code injection issue can be tracked with CVE-2016-9949 and the path traversal bug with CVE-2016-9950. An additional problem where arbitrary commands can be called with the “Relaunch”...

9.3 CVSS | 7 AI score | 0.0981 EPSS
Exploits: 8

Hacker One
added 2016/12/01 11:47 a.m. | 18 views

shopify-scripts: Invalid handling of zero-length heredoc identifiers leads to infinite loop in the sandbox

Introduction: Certain invalid Ruby programs which should normally raise a syntax error are able to cause an infinite loop in MRuby's parser which makes the mruby-engine sandbox and consequently the MRI process it is running in unresponsive to SIGTERM. The process begins looping foreve...

7.3 AI score
Exploits: 0

Cent OS
added 2016/11/25 3:42 p.m. | 83 views

postgresql security update

CentOS Errata and Security Advisory CESA-2016:2606. An update for postgresql is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severi...

8.3 CVSS | 7.3 AI score | 0.034 EPSS
Exploits: 0 | References: 7

CNVD
added 2016/11/24 12:0 a.m. | 1 views

Fast Breakfast App Upgrade Checked for Design Logic Flaws

Fast Breakfast App is a mobile service that can help you buy breakfast. A design logic vulnerability exists in the upgrade check of Fast Breakfast APP. Due to lax upgrade request checking in Fast Breakfast APP, attackers are allowed to exploit the vulnerability to install malicious programs...

6.8 AI score
Exploits: 0

Hacker One
added 2016/11/18 7:23 p.m. | 30 views

shopify-scripts: Segfault and/or potential unwanted (byte)code execution with "break" and "||=" inside a loop

Introduction: Certain invalid inputs (invalid Ruby programs) crash mruby and mruby-engine including the parent MRI VM. The programs always involve the ||= operator, loops and the break keyword. Proof of Concept: crash.rb: A ||= break while break 1. Save the above...

0.2 AI score
Exploits: 0

CNVD
added 2016/10/27 12:0 a.m. | 2 views

Firejail Remote Elevation of Privilege Vulnerability

Firejail is a suite of SUID programs written in C that reduces the risk of security vulnerabilities by restricting the runtime environment of untrusted applications using the Linux namespace and seccomp-bpf. A security vulnerability exists in Firejail that allows a remote attacker to exploit the...

8.8 CVSS | 8.5 AI score | 0.0004 EPSS
Exploits: 0 | References: 1

Fedora
added 2016/10/18 3:56 p.m. | 23 views

[SECURITY] Fedora 24 Update: guile-2.0.13-1.fc24

GUILE (GNU's Ubiquitous Intelligent Language for Extension) is a library implementation of the Scheme programming language, written in C. GUILE provides a machine-independent execution platform that can be linked in as a library during the building of extensible programs. Install the guile package ...

9.8 CVSS | 2.2 AI score | 0.0034 EPSS
Exploits: 0

Fedora
added 2016/10/16 6:55 p.m. | 20 views

[SECURITY] Fedora 25 Update: guile-2.0.13-1.fc25

GUILE (GNU's Ubiquitous Intelligent Language for Extension) is a library implementation of the Scheme programming language, written in C. GUILE provides a machine-independent execution platform that can be linked in as a library during the building of extensible programs. Install the guile package ...

9.8 CVSS | 2.2 AI score | 0.0034 EPSS
Exploits: 0

Tenable Nessus
added 2016/10/04 12:0 a.m. | 36 views

MariaDB 10.0.0 < 10.0.21 Multiple Vulnerabilities

The version of MariaDB installed on the remote host is prior to 10.0.21. It is, therefore, affected by multiple vulnerabilities as referenced in the 10.0.21 advisory. - Unspecified vulnerability in Oracle MySQL Server 5.6.25 and earlier allows remote authenticated users to affect availability via...

7.2 CVSS | 6.9 AI score | 0.04002 EPSS
Exploits: 0 | References: 5

Tenable Nessus
added 2016/10/04 12:0 a.m. | 36 views

MariaDB 5.5.0 < 5.5.45 Multiple Vulnerabilities

The version of MariaDB installed on the remote host is prior to 5.5.45. It is, therefore, affected by multiple vulnerabilities as referenced in the 5.5.45 advisory. - Unspecified vulnerability in Oracle MySQL Server 5.5.44 and earlier, and 5.6.25 and earlier, allows local users to affect...

7.2 CVSS | 6.9 AI score | 0.04002 EPSS
Exploits: 0 | References: 4

Fedora
added 2016/10/03 6:21 a.m. | 12 views

[SECURITY] Fedora 23 Update: community-mysql-5.6.33-1.fc23

MySQL is a multi-user, multi-threaded SQL database server. MySQL is a client/server implementation consisting of a server daemon (mysqld) and many different client programs and libraries. The base package contains the standard MySQL client programs and generic MySQL files...

2.7 AI score
Exploits: 0

Tenable Nessus
added 2016/09/30 12:0 a.m. | 32 views

IBM DB2 10.5 < Fix Pack 8 / 11.x < 11.1 Multiple Vulnerabilities

7.5 CVSS | 7.3 AI score | 0.38346 EPSS
Exploits: 0 | References: 11

OSV
added 2016/09/29 1:13 p.m. | 5 views

SUSE-SU-2016:2418-1 Security update for postgresql94

This update for postgresql94 to version 9.4.9 fixes several issues. These security issues were fixed: - CVE-2016-5423: CASE/WHEN with inlining can cause untrusted pointer dereference bsc993454. - CVE-2016-5424: Fix client programs' handling of special characters in database and role names...

8.3 CVSS | 7.6 AI score | 0.034 EPSS
Exploits: 0 | References: 5

CNVD
added 2016/09/29 12:0 a.m. | 1 views

Streamo Online Radio And TV Streaming CMS SQL Injection Vulnerability

Streamo Online Radio And TV Streaming CMS is a popular online radio and TV streaming content management system. A SQL injection vulnerability exists in the id parameter of the programs.php page of Streamo Online Radio And TV Streaming CMS, which can be exploited by an attacker to take control of...

8 AI score
Exploits: 0 | References: 1

RedhatCVE
added 2016/09/27 9:47 a.m. | 17 views

CVE-2016-7543

An arbitrary command injection flaw was found in the way bash processed the SHELLOPTS and PS4 environment variables. A local, authenticated attacker could use this flaw to exploit poorly written setuid programs to elevate their privileges under certain circumstances...

8.4 CVSS | 4 AI score | 0.00098 EPSS
Exploits: 0 | References: 1

ThreatPost
added 2016/09/21 2:6 p.m. | 11 views

iSpy Keylogger Targets Passwords, Skype, Webcams

Researchers are monitoring sales and infection rates of a new keylogger being sold on the dark web for $25 to $35. Along with capturing keystrokes, iSpy grabs passwords stored in web browsers, records Skype chats, takes webcam screenshots and steals the license keys of software such as Adobe...

Exploits: 0 | References: 2

ThreatPost
added 2016/09/17 9:0 a.m. | 10 views

Snowden Slammed by House Committee Report

Edward Snowden’s hopes of a presidential pardon were dimmed Thursday when a House Committee report slammed the former U.S. defense contractor saying he has done “tremendous damage” to United States national security. That conclusion was part of a 36-page report (PDF) released Thursday by the House...

6.9 AI score
Exploits: 0 | References: 7