213 matches found
Fedora 20 : python-2.7.5-16.fc20 (2015-6010)
Security fix for CVE-2013-1752: multiple unbound readline DoS flaws in python stdlib. The following fixes, which all relate to this CVE, are in this patch: - ftplib: Limit amount of data read by limiting the call to readline. #16038 - imaplib: limit line length in imaplib readline calls. #16039 - nntplib...
[SECURITY] Fedora 22 Update: jline-2.12.1-1.fc22
JLine is a Java library for handling console input. It is similar in functionality to BSD editline and GNU readline. People familiar with the readline/editline capabilities for modern shells such as bash and tcsh will find most of the command editing features of JLine to be familiar...
Fedora 21 : python-2.7.8-8.fc21 (2015-6003)
Security fix for CVE-2013-1752: multiple unbound readline DoS flaws in python stdlib. The following fixes, which all relate to this CVE, are in this patch: - poplib: limit maximum line length that we read from the network. #16041 - smtplib: limit amount read from the network. #16042 Note that Tenable Netwo...
Fedora 20 : php-5.5.23-1.fc20 (2015-4216)
19 Mar 2015, PHP 5.5.23. Core: - Fixed bug #69174 (leaks when unused inner class use traits precedence). (Laruence) - Fixed bug #69139 (Crash in gc_zval_possible_root on unserialize). (Laruence) - Fixed bug #69121 (Segfault in get_current_user when script owner is not in passwd with ZTS build). (dan at syneto dot n...
Fedora 21 : php-5.6.7-1.fc21 (2015-4236)
19 Mar 2015, PHP 5.6.7. Core: - Fixed bug #69174 (leaks when unused inner class use traits precedence). (Laruence) - Fixed bug #69139 (Crash in gc_zval_possible_root on unserialize). (Laruence) - Fixed bug #69121 (Segfault in get_current_user when script owner is not in passwd with ZTS build). (dan at syneto dot ne...
Mandriva Linux Security Advisory : readline (MDVSA-2015:132)
Updated readline packages fix security vulnerability: Steve Kemp discovered the _rl_tropen function in readline insecurely handled a temporary file. This could allow a local attacker to perform symbolic link attacks (CVE-2014-2524). Also, upstream patches have been added to fix an infinite loop in v...
Vane - WordPress Vulnerability Scanner (A GPL fork of WPScan)
Vane is a GPL fork of the now non-free popular WordPress vulnerability scanner WPScan. INSTALL. Prerequisites: Windows not supported; Ruby = 1.9; RubyGems; Git. Installing on Debian/Ubuntu: sudo apt-get install libcurl4-gnutls-dev libopenssl-ruby libxml2 libxml2-dev libxslt1-dev ruby-dev git clone...
python2: multiple issues
- CVE-2013-1752 (denial of service): Multiple unbound readline flaws in python stdlib were found, which can lead to excessive memory usage if a malicious or broken server sends excessively long lines without any line breaks. - CVE-2013-1753 (denial of service): The XMLRPC library is vulnerable to...
Fedora Update for readline FEDORA-2014-7496
Check the version of readline. SPDX-FileCopyrightText: 2014 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only. if(description) { script_oid("1.3.6.1.4.1.25623.1.0.868566");...
[SECURITY] Fedora 19 Update: readline-6.2-8.fc19
The Readline library provides a set of functions that allow users to edit command lines. Both Emacs and vi editing modes are available. The Readline library includes additional functions for maintaining a list of previously-entered command lines for recalling or editing those lines, and for...
Fedora 19 : readline-6.2-8.fc19 (2014-7496)
readline in Fedora is very slow when rl_event_hook is used; this update fixes it. Security patch for debug function. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it a...
Amazon Linux AMI : readline (ALAS-2014-357)
The _rl_tropen function in util.c in GNU readline before 6.3 patch 3 allows local users to create or overwrite arbitrary files via a symlink attack on a /var/tmp/rltrace.PID file. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Amazon Linu...
OracleVM 3.2 : bash (OVMSA-2014-0019)
The remote OracleVM system is missing necessary patches to address critical security updates : - Check for fishy environment Resolves: 1141644 - Fixed a bug that caused trap handlers to be executed recursively, corrupting internal data structures. Resolves: 964753 - Don't include backup files...
bash: security and bugfix update (critical)
bash was updated to fix a critical security issue, a minor security issue and bugs: In some circumstances, the shell would evaluate shellcode in environment variables passed at startup time. This allowed code execution by local or remote attackers who could pass environment variables to bash...
openSUSE Security Update : bash (openSUSE-SU-2014:1226-1) (Shellshock)
bash was updated to fix a critical security issue, a minor security issue and bugs : In some circumstances, the shell would evaluate shellcode in environment variables passed at startup time. This allowed code execution by local or remote attackers who could pass environment variables to bash...
Fedora 19 : php-5.5.16-1.fc19 (2014-9679)
21 Aug 2014, PHP 5.5.16. Core: - Fixed bug #67693 (incorrect push to the empty array). (Tjerk) - Fixed bug #67717 (segfault in dns_get_record). (CVE-2014-3597) (Remi) COM: - Fixed missing type checks in com_event_sink. (Yussuf Khalil, Stas) Fileinfo: - Fixed bug #67705 (extensive backtracking in rule regular...
CVE-2014-2524
The _rl_tropen function in util.c in GNU readline before 6.3 patch 3 allows local users to create or overwrite arbitrary files via a symlink attack on a /var/tmp/rltrace.PID file...
Symlink Attack
Overview: Affected versions of this package are vulnerable to Symlink Attack. The _rl_tropen function in util.c in GNU readline before 6.3 patch 3 allows local users to create or overwrite arbitrary files via a symlink attack on a /var/tmp/rltrace.PID file. Remediation: There is no fixed version for...
UBUNTU-CVE-2014-2524
The _rl_tropen function in util.c in GNU readline before 6.3 patch 3 allows local users to create or overwrite arbitrary files via a symlink attack on a /var/tmp/rltrace.PID file...