Debian Security Advisory DSA 3533-1 (openvswitch - security update)
Kashyap Thimmaraju and Bhargava Shastry discovered a remotely triggerable buffer overflow vulnerability in openvswitch, a production quality, multilayer virtual switch implementation. Specially crafted MPLS packets could overflow the buffer reserved for MPLS labels in an OVS internal data...
subversion -- multiple vulnerabilities
Subversion Project reports: Remotely triggerable heap overflow and out-of-bounds read caused by integer overflow in the svn:// protocol parser. Remotely triggerable heap overflow and out-of-bounds read in mod_dav_svn caused by integer overflow when parsing skel-encoded request bodies...
[SECURITY] [DLA 311-1] rpcbind security update
Package: rpcbind Version: 0.2.0-4.1+deb6u1 CVE ID: CVE-2015-7236 A use-after-free vulnerability in rpcbind causing remotely triggerable crash was found. Rpcbind crashes in svc_dodestroy when trying to free a corrupted xprt->xp_netid pointer, which contains a sockaddr_in...
DLA-311-1 rpcbind - security update
Bulletin has no description...
FreeBSD : xen-tools -- Guest triggerable qemu MSI-X pass-through error messages (cbe1a0f9-27e9-11e5-a4a5-002590263bf5)
The Xen Project reports : Device model code dealing with guest PCI MSI-X interrupt management activities logs messages on certain supposedly invalid guest operations. A buggy or malicious guest repeatedly invoking such operations may result in the host disk to fill up, possibly leading to a Denia...
PolarSSL -- Security Fix Backports
Paul Bakker reports: PolarSSL 1.2.14 fixes one remotely-triggerable issue that was found by the Codenomicon Defensics tool, one potential remote crash and countermeasures against the "Lucky 13 strikes back" cache-based attack...
Security update for xen (important)
Xen was updated to fix eight vulnerabilities. The following vulnerabilities were fixed: CVE-2015-2751: Certain domctl operations may be abused to lock up the host (XSA-127, boo#922709). CVE-2015-4103: Potential unintended writes to host MSI message data field via qemu (XSA-128, boo#931625). CVE-2015-4104:...
Fedora 21 : xen-4.4.2-5.fc21 (2015-9466)
Potential unintended writes to host MSI message data field via qemu (XSA-128, CVE-2015-4103); PCI MSI mask bits inadvertently exposed to guests (XSA-129, CVE-2015-4104); Guest triggerable qemu MSI-X pass-through error messages (XSA-130, CVE-2015-4105); Unmediated PCI register access in qemu XSA-131,...
Appweb Web Server Denial Of Service
Affected software: Appweb Web Server. CVE ID: CVE-2014-9708. Description: An HTTP request with a Range header of the form "Range: x=,", i.e. with an empty range value, will cause a null pointer dereference, leading to a remotely-triggerable DoS. Fixed versions: 4.6.6, 5.2.1. Bug entry:...
bind: 9.9.3P2 security and bugfix update (important)
The BIND nameserver was updated to 9.9.3P2 to fix a security issue where incorrect bounds checking on private type 'keydata' could lead to a remotely triggerable REQUIRE failure. (CVE-2013-4854, bnc#831899)...
Fedora 19 : spice-0.12.4-1.fc19 (2013-14110)
New upstream bug-fix release 0.12.4 - Fixes a client triggerable abort (CVE-2013-4130) - Add patches from upstream git to fix sound-channel-free crash (rhbz#986407) - Stop building spicec, it's obsolete and superseded by remote-viewer (part of virt-viewer). Note that Tenable Network Security has...
SuSE 11.1 Security Update : finch, libpurple and pidgin (SAT Patch Number 6294)
Various remote triggerable crashes in pidgin have been fixed: - In some situations the MSN server sends text that isn't UTF-8 encoded, and Pidgin fails to verify the text's encoding. In some cases this can lead to a crash when attempting to display the text. CVE-2012-1178 - Incoming messages wi...
SuSE 10 Security Update : finch, libpurple, and pidgin (ZYPP Patch Number 8131)
Various remote triggerable crashes in pidgin have been fixed: - In some situations the MSN server sends text that isn't UTF-8 encoded, and Pidgin fails to verify the text's encoding. In some cases this can lead to a crash when attempting to display the text. CVE-2012-1178 - Incoming messages wi...
Fedora 11 : krb5-1.6.3-31.fc11 (2010-8796)
Shawn Emery discovered a remotely-triggerable NULL pointer dereference in the Kerberos GSS-API library which could be used to cause GSS-API-authenticated services to crash. This update incorporates fixes to instead correctly detect the error and return an error code. Note that Tenable Network...