[slackware-security] cups

New cups packages are available for Slackware 15.0 and -current to fix security issues. Here are the details from the Slackware 15.0 ChangeLog: patches/packages/cups-2.4.17-i586-1slack15.0.txz: Upgraded. This update fixes security issues: The scheduler treated local user and group names as...

Amazon Linux AMI : mod_dav_svn / subversion (ALAS-2016-676)

It was found that when an SVN server both svnserve and httpd with the moddavsvn module searched the history of a file or a directory, it would disclose its location in the repository if that file or directory was not readable for example, if it had been moved. CVE-2015-3187 An integer overflow wa...

CVE-2015-5259

Integer overflow in the readstring function in libsvnrasvn/marshal.c in Apache Subversion 1.9.x before 1.9.3 allows remote attackers to execute arbitrary code via an svn:// protocol string, which triggers a heap-based buffer overflow and an out-of-bounds read...

CVE-2015-1548

minihttpd 1.21 and earlier allows remote attackers to obtain sensitive information from process memory via an HTTP request with a long protocol string, which triggers an incorrect response size calculation and an out-of-bounds read...

DEBIAN-CVE-2015-1548

minihttpd 1.21 and earlier allows remote attackers to obtain sensitive information from process memory via an HTTP request with a long protocol string, which triggers an incorrect response size calculation and an out-of-bounds read...

CVE-2015-1548

minihttpd 1.21 and earlier allows remote attackers to obtain sensitive information from process memory via an HTTP request with a long protocol string, which triggers an incorrect response size calculation and an out-of-bounds read...

CVE-2015-1548

minihttpd 1.21 and earlier allows remote attackers to obtain sensitive information from process memory via an HTTP request with a long protocol string, which triggers an incorrect response size calculation and an out-of-bounds read...

PT-2015-5344 · Acme +1 · Mini Httpd +1

Name of the Vulnerable Software and Affected Versions: mini httpd versions 1.21 and earlier Description: The issue allows remote attackers to obtain sensitive information from process memory via an HTTP request with a long protocol string. This occurs because the long protocol string triggers an...

mini_httpd -- buffer overflow via snprintf

ACME Updates reports: minihttpd 1.21 and earlier allows remote attackers to obtain sensitive information from process memory via an HTTP request with a long protocol string, which triggers an incorrect response size calculation and an out-of-bounds read. rene ACME, the author, claims that the...