OpenSSL - ASN1 BIO Memory Corruption

OpenSSL - ASN1 BIO Memory Corruption Incorrect integer conversions in OpenSSL can result in memory corruption. -------------------------------------------------------------------------- CVE-2012-2110 This advisory is intended for system administrators and developers exposing OpenSSL in production...

USN-1231-1: PHP Vulnerabilities

Mateusz Kocielski, Marek Kroemeke and Filip Palian discovered that a stack-based buffer overflow existed in the socketconnect function's handling of long pathnames for AFUNIX sockets. A remote attacker might be able to exploit this to execute arbitrary code; however, the default compiler options...

CVE-2011-3182

PHP before 5.3.7 does not properly check the return values of the malloc, calloc, and realloc library functions, which allows context-dependent attackers to cause a denial of service NULL pointer dereference and application crash or trigger a buffer overflow by leveraging the ability to provide a...

pango security update

1.28.1-3.el60.5 - Prevent an integer overflow in hbbufferensure Related: 679693 1.28.1-3.el60.4 - Check for realloc failures in hbbufferensure CVE-2011-0064...

[slackware-security] gnupg2

New gnupg2 packages are available for Slackware 12.0, 12.1, 12.2, 13.0, 13.1, and -current to fix a security issue. Here are the details from the Slackware 13.1 ChangeLog: patches/packages/gnupg2-2.0.14-i486-3slack13.1.txz: Rebuilt. Patched to fix "Realloc Bug with X.509 certificates in GnuPG". F...

CVE-2010-2547

Use-after-free vulnerability in kbx/keybox-blob.c in GPGSM in GnuPG 2.x through 2.0.16 allows remote attackers to cause a denial of service crash and possibly execute arbitrary code via a certificate with a large number of Subject Alternate Names, which is not properly handled in a realloc...

CVE-2010-2547

Use-after-free vulnerability in kbx/keybox-blob.c in GPGSM in GnuPG 2.x through 2.0.16 allows remote attackers to cause a denial of service crash and possibly execute arbitrary code via a certificate with a large number of Subject Alternate Names, which is not properly handled in a realloc...

CVE-2010-2547

Use-after-free vulnerability in kbx/keybox-blob.c in GPGSM in GnuPG 2.x through 2.0.16 allows remote attackers to cause a denial of service crash and possibly execute arbitrary code via a certificate with a large number of Subject Alternate Names, which is not properly handled in a realloc...

Fedora 13 : gnupg2-2.0.14-4.fc13 (2010-11413)

Fri Jul 23 2010 Rex Dieter - 2.0.14-4 - gpgsm realloc patch - Fri Jun 18 2010 Tomas Mraz - 2.0.14-3 - initialize small amount of secmem for list of algorithms in help 598847 necessary in the FIPS mode of libgcrypt Note that Tenable Network Security has extracted the preceding description block...

libwmf security update

0.2.8.4-10.2 - Resolves: rhbz497511 CVE-2009-1364 bad realloc...

CVE-2009-0749

Use-after-free vulnerability in the GIFReadNextExtension function in lib/pngxtern/gif/gifread.c in OptiPNG 0.6.2 and earlier allows context-dependent attackers to cause a denial of service application crash via a crafted GIF image that causes the realloc function to return a new pointer, which...

ruby: integer overflow in rb_ary_splice/update/replace() - REALLOC_N

Integer overflow in the 1 rbarysplice function in Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, and 1.8.7 before 1.8.7-p22; and 2 the rbaryreplace function in 1.6.x allows context-dependent attackers to trigger memory corruption via unspecified vectors, aka the...