
8 matches found

Drupal
added 2016/03/09 12:0 a.m. | 11 views

Scald File - Critical - Remote Code Execution - SA-CONTRIB-2016-015

When a PDF is uploaded in Scald File, various tools can be executed if they're installed on the server, to try to generate a thumbnail out of that PDF. This is mitigated by the need to have the sufficient permissions to upload a file in Scald, and also to have at least one of the thumbnail creati...

7.2 AI score
Exploits: 0 | References: 10

Mageia
added 2014/09/15 10:36 a.m. | 46 views

Updated glibc packages fix multiple security vulnerabilities

Tavis Ormandy discovered a heap-based buffer overflow in the transliteration module loading code. As a result, an attacker who can supply a crafted destination character set argument to iconv-related character conversion functions could achieve arbitrary code execution. This update removes...

7.5 CVSS | 8.6 AI score | 0.21511 EPSS
Exploits: 5 | References: 4

Debian
added 2014/09/02 6:3 p.m. | 47 views

[DLA 43-1] eglibc security update

Package: eglibc
Version: 2.11.3-4+deb6u1
CVE ID: CVE-2014-0475 CVE-2014-5119

CVE-2014-0475: Stephane Chazelas discovered that the GNU C library, glibc, processed ".." path segments in locale-related environment variables, possibly allowing attackers to circumvent intended restrictions, such as...

7.5 CVSS | 8 AI score | 0.21511 EPSS
Exploits: 4

OSV
added 2014/09/02 12:0 a.m. | 26 views

DLA-43-1 eglibc - security update

Bulletin has no description...

7.5 CVSS | 7.7 AI score | 0.21511 EPSS
Exploits: 4

OSV
added 2014/08/29 2:6 a.m. | 1 views

USN-2328-1 eglibc vulnerability

Tavis Ormandy and John Haxby discovered that the GNU C Library contained an off-by-one error when performing transliteration module loading. A local attacker could exploit this to gain administrative privileges. (CVE-2014-5119) USN-2306-1 fixed vulnerabilities in the GNU C Library. On Ubuntu 10.04...

7.5 CVSS | 7.3 AI score | 0.21511 EPSS
Exploits: 4 | References: 2

Ubuntu
added 2014/08/29 2:6 a.m. | 67 views

USN-2328-1: GNU C Library vulnerability

Tavis Ormandy and John Haxby discovered that the GNU C Library contained an off-by-one error when performing transliteration module loading. A local attacker could exploit this to gain administrative privileges. (CVE-2014-5119) USN-2306-1 fixed vulnerabilities in the GNU C Library. On Ubuntu 10.04...

7.5 CVSS | 8.2 AI score | 0.21511 EPSS
Exploits: 4

Tenable Nessus
added 2014/08/29 12:0 a.m. | 36 views

Ubuntu 14.04 LTS : GNU C Library vulnerability (USN-2328-1)

The remote Ubuntu 14.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-2328-1 advisory. Tavis Ormandy and John Haxby discovered that the GNU C Library contained an off-by-one error when performing transliteration module loading. A local attacker coul...

7.5 CVSS | 8.3 AI score | 0.21511 EPSS
Exploits: 4 | References: 2

Tenable Nessus
added 2014/08/28 12:0 a.m. | 34 views

Debian DSA-3012-1 : eglibc - security update

Tavis Ormandy discovered a heap-based buffer overflow in the transliteration module loading code in eglibc, Debian's version of the GNU C Library. As a result, an attacker who can supply a crafted destination character set argument to iconv-related character conversion functions could achieve...

7.5 CVSS | 8.9 AI score | 0.21511 EPSS
Exploits: 4 | References: 3