2302 matches found
openSUSE Security Update : libxml2 (openSUSE-2016-662)
libxml2 was updated to fix security issues and a regression from the last version update. Security issues fixed : - CVE-2016-3627: Fixed stack exhaustion while parsing certain XML files in recovery mode bnc972335. - CVE-2016-3705: Improved protection against the Billion Laughs Attack bnc975947...
openSUSE Security Update : ntp (openSUSE-2016-649)
This update for ntp fixes the following issues : - Update to 4.2.8p7 boo977446 : - CVE-2016-1547, boo977459: Validate crypto-NAKs, AKA: CRYPTO-NAK DoS. - CVE-2016-1548, boo977461: Interleave-pivot - CVE-2016-1549, boo977451: Sybil vulnerability: ephemeral association attack. - CVE-2016-1550,...
Ubuntu 14.04 LTS : GNU C Library vulnerabilities (USN-2985-1)
The remote Ubuntu 14.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-2985-1 advisory. Martin Carpenter discovered that ptchown in the GNU C Library did not properly check permissions for tty files. A local attacker could use this to gain...
Updated jansson packages fix CVE-2016-4425
Updated jansson packages fix security vulnerability: Gustavo Grieco discovered that jansson did not limit the recursion depth when parsing JSON arrays and objects. This could allow remote attackers to cause a denial of service crash via stack exhaustion, using crafted JSON data CVE-2016-4425...
SUSE-SU-2016:1344-1 Security update for wireshark
This update to Wireshark 1 12.11 fixes a number issues in protocol dissectors that could have allowed a remote attacker to crash Wireshark or cause excessive CPU usage through specially crafted packages inserted into the network or a capture file. - The PKTC dissector could crash wnpa-sec-2016-22...
[SECURITY] [DLA 477-1] librsvg security update
Package : librsvg Version : 2.36.1-2+deb7u2 CVE ID : CVE-2015-7558 CVE-2016-4347 CVE-2016-4348 Note CVE-2016-4347 is a duplicate of CVE-2015-7558 Two DoS in librsvg 2.40.2 parsing SVGs with circular definitions were found they will produce stack exhaustion by Gustavo Grieco. The version in wheezy...
PT-2016-3397 · Php +2 · Php +2
Name of the Vulnerable Software and Affected Versions: PHP versions prior to 5.4.44 PHP versions 5.5.x prior to 5.5.28 PHP versions 5.6.x prior to 5.6.12 Description: The issue is related to a stack consumption problem in the Zend/zend exceptions.c component of PHP, caused by insufficient input...
Debian DLA-471-1 : jansson security update
Applications that depend on Jansson, a C library for encoding, decoding and manipulating JSON data, could crash due to stack exhaustion while parsing a JSON file. This was caused due to an unlimited parsing depth when parsing JSON arrays and is now fixed by limiting the depth to 2048. For Debian ...
DSA-3577-1 jansson - security update
Bulletin has no description...
[SECURITY] [DLA 471-1] jansson security update
Package : jansson Version : 2.3.1-2+deb7u1 CVE ID : CVE-2016-4425 Debian Bug : 823238 Applications that depend on Jansson, a C library for encoding, decoding and manipulating JSON data, could crash due to stack exhaustion while parsing a JSON file. This was caused due to an unlimited parsing dept...
openSUSE Security Update : ntp (openSUSE-2016-578)
ntp was updated to version 4.2.8p6 to fix 12 security issues. Also yast2-ntp-client was updated to match some sntp syntax changes. bsc937837 These security issues were fixed : - CVE-2015-8158: Fixed potential infinite loop in ntpq bsc962966. - CVE-2015-8138: Zero Origin Timestamp Bypass bsc963002...
ntp: stack exhaustion in recursive traversal of restriction list
A stack-based buffer overflow flaw was found in the way ntpd processed 'ntpdc reslist' commands that queried restriction lists with a large amount of entries. A remote attacker could use this flaw to crash ntpd...
Mageia: Security Advisory (MGASA-2016-0153)
The remote host is missing an update for the SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2016-3705
Missing incrementation of recursion depth counter were found in the xmlParserEntityCheck and xmlParseAttValueComplex functions used for parsing XML data. An attacker could launch a Denial of Service attack by passing specially crafted XML data to an application, forcing it to crash due to stack...
SUSE SLED12 / SLES12 Security Update : ntp (SUSE-SU-2016:1177-1)
ntp was updated to version 4.2.8p6 to fix 12 security issues. Also yast2-ntp-client was updated to match some sntp syntax changes. bsc937837 These security issues were fixed : - CVE-2015-8158: Fixed potential infinite loop in ntpq bsc962966. - CVE-2015-8138: Zero Origin Timestamp Bypass bsc963002...
SUSE SLES11 Security Update : ntp (SUSE-SU-2016:1175-1)
ntp was updated to version 4.2.8p6 to fix 12 security issues. These security issues were fixed : - CVE-2015-8158: Fixed potential infinite loop in ntpq bsc962966. - CVE-2015-8138: Zero Origin Timestamp Bypass bsc963002. - CVE-2015-7979: Off-path Denial of Service DoS attack on authenticated...
jansson -- local denial of service vulnerabilities
QuickFuzz reports: A crash caused by stack exhaustion parsing a JSON was found...
SUSE-SU-2016:1175-1 Security update for ntp
ntp was updated to version 4.2.8p6 to fix 12 security issues. These security issues were fixed: - CVE-2015-8158: Fixed potential infinite loop in ntpq bsc962966. - CVE-2015-8138: Zero Origin Timestamp Bypass bsc963002. - CVE-2015-7979: Off-path Denial of Service DoS attack on authenticated...
SUSE-SU-2016:1177-1 Security update for ntp
ntp was updated to version 4.2.8p6 to fix 12 security issues. Also yast2-ntp-client was updated to match some sntp syntax changes. bsc937837 These security issues were fixed: - CVE-2015-8158: Fixed potential infinite loop in ntpq bsc962966. - CVE-2015-8138: Zero Origin Timestamp Bypass bsc963002....
MGASA-2016-0153 Updated wireshark packages fix security vulnerabilities
Updated wireshark packages fix security vulnerabilities: The NCP dissector could crash CVE-2016-4076. TShark could crash due to a packet reassembly bug CVE-2016-4077. The IEEE 802.11 dissector could crash CVE-2016-4078. The PKTC dissector could crash CVE-2016-4079. The PKTC dissector could crash...