SUSE SLED12 / SLES12 Security Update : curl (SUSE-SU-2016:2330-1)

This update for curl fixes the following issues: Security issues fixed : - CVE-2016-5419: TLS session resumption client cert bypass bsc991389 - CVE-2016-5420: Re-using connections with wrong client cert bsc991390 - CVE-2016-5421: use of connection struct after free bsc991391 - CVE-2016-7141: Fixe...

openSUSE Security Update : curl (openSUSE-2016-1043)

This update for curl fixes the following issues : - fixing a performance regression with FTP boo991746 - TLS session resumption client cert bypass boo991389, CVE-2016-5419 - Re-using connections with wrong client cert boo991390, CVE-2016-5420 - use of connection struct after free boo991391,...

FreeBSD : Vulnerabilities in Curl (e4bc70fc-5a2f-11e6-a1bc-589cfc0654e1)

Curl security team reports : CVE-2016-5419 - TLS session resumption client cert bypass CVE-2016-5420 - Re-using connections with wrong client cert CVE-2016-5421 - use of connection struct after free %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in th...

UBUNTU-CVE-2016-1692

WebKit/Source/core/css/StyleSheetContents.cpp in Blink, as used in Google Chrome before 51.0.2704.63, permits cross-origin loading of CSS stylesheets by a ServiceWorker even when the stylesheet download has an incorrect MIME type, which allows remote attackers to bypass the Same Origin Policy via...

PHP Denial of Service Vulnerability (CNVD-2016-03648)

PHP PHP: Hypertext Preprocessor, PHP: Hypertext Preprocessor is an open source general-purpose computer scripting language maintained by the PHP Group and the open source community. A security vulnerability exists in PHP's Zend/zendexceptions.c file. A remote attacker could exploit this...

The vulnerability of the Safari browser, which allows a hacker to trigger a service failure

The vulnerability of the Downloads function in the Safari browser is related to an incorrect file extension. Exploiting this vulnerability can allow a malicious actor, operating remotely, to cause service interruptions through a specially crafted website...

FBI may have found a New Way to Unlock Shooter's iPhone without Apple

There's more coming to the high-profile Apple vs. FBI case. The Federal Bureau of Investigation FBI might not need Apple's assistance to unlock iPhone 5C that belonged to San Bernardino shooter, Syed Rizwan Farook. If you have followed the San Bernardino case closely, you probably know everything...

Linux Kernel 3.10.0-229.x (CentOS RHEL 7.1) - iowarrior Driver Crash (PoC)

Linux Kernel 3.10.0-229.x CentOS RHEL 7.1 - iowarrior Driver Crash PoC OS-S Security Advisory 2016-15 Linux iowarrior Nullpointer Dereference Date: March 4th, 2016 Authors: Sergej Schumilo, Hendrik Schwartke, Ralf Spenneberg CVE: not yet assigned CVSS: 4.9 AV:L/AC:L/Au:N/C:N/I:N/A:C Title: Local...

Linux snd-usb-audio Null Pointer Dereference

OS-S Security Advisory 2016-16 Linux snd-usb-audio Nullpointer Dereference Date: March 4th, 2016 Authors: Sergej Schumilo, Hendrik Schwartke, Ralf Spenneberg CVE: not yet assigned CVSS: 4.9 AV:L/AC:L/Au:N/C:N/I:N/A:C Title: Local RedHat Enterprise Linux DoS – RHEL 7.1 Kernel crashes on invalid US...

Linux visor (treo_attach) Null Pointer Dereference

OS-S Security Advisory 2016-10 Linux visor treoattach Nullpointer Dereference Date: March 4th, 2016 Authors: Sergej Schumilo, Hendrik Schwartke, Ralf Spenneberg CVE: CVE-2016-2782 CVSS: 4.9 AV:L/AC:L/Au:N/C:N/I:N/A:C Title: Local RedHat Enterprise Linux DoS – RHEL 7.1 Kernel crashes on invalid US...

Linux ati_remote2 Null Pointer Dereference

OS-S Security Advisory 2016-18 Linux atiremote2 multiple Nullpointer Dereferences Date: March 4th, 2016 Authors: Sergej Schumilo, Hendrik Schwartke, Ralf Spenneberg CVE: not yet assigned CVSS: 4.9 AV:L/AC:L/Au:N/C:N/I:N/A:C Title: Multiple Local RedHat Enterprise Linux DoS – RHEL 7.1 Kernel crash...

Linux Kernel 3.10.0 (CentOS / RHEL 7.1) - 'digi_acceleport' Nullpointer Dereference

Exploit for linux platform in category dos / poc Linux digiacceleport Nullpointer Dereference Date: March 4th, 2016 Authors: Sergej Schumilo, Hendrik Schwartke, Ralf Spenneberg CVE: not yet assigned CVSS: 4.9 AV:L/AC:L/Au:N/C:N/I:N/A:C Title: Local RedHat Enterprise Linux DoS â?? RHEL 7.1 Kernel...

Linux digi_acceleport Null Pointer Dereference

OS-S Security Advisory 2016-12 Linux digiacceleport Nullpointer Dereference Date: March 4th, 2016 Authors: Sergej Schumilo, Hendrik Schwartke, Ralf Spenneberg CVE: not yet assigned CVSS: 4.9 AV:L/AC:L/Au:N/C:N/I:N/A:C Title: Local RedHat Enterprise Linux DoS – RHEL 7.1 Kernel crashes on invalid U...

Linux Kernel 3.10.0 (CentOS / RHEL 7.1) - 'aiptek' Nullpointer Dereference

Exploit for linux platform in category dos / poc Linux aiptek Nullpointer Dereference Date: March 4th, 2016 Authors: Sergej Schumilo, Hendrik Schwartke, Ralf Spenneberg CVE: CVE-2015-7515 CVSS: 4.9 AV:L/AC:L/Au:N/C:N/I:N/A:C Title: Local RedHat Enterprise Linux DoS â?? RHEL 7.1 Kernel crashes on...

Linux Kernel 3.10.0 (CentOS RHEL 7.1) - visor clie_5_attach Nullpointer Dereference

Linux Kernel 3.10.0 CentOS RHEL 7.1 - visor clie5attach Nullpointer Dereference OS-S Security Advisory 2016-09 Linux visor clie5attach Nullpointer Dereference Date: March 4th, 2016 Authors: Sergej Schumilo, Hendrik Schwartke, Ralf Spenneberg CVE: CVE-2015-7566 CVSS: 4.9 AV:L/AC:L/Au:N/C:N/I:N/A:C...

Linux Kernel 3.10.0 (CentOS / RHEL 7.1) - 'cypress_m8' Nullpointer Dereference

OS-S Security Advisory 2016-07 Linux cypressm8 Nullpointer Dereference Date: March 4th, 2016 Authors: Sergej Schumilo, Hendrik Schwartke, Ralf Spenneberg CVE: not yet assigned CVSS: 4.9 AV:L/AC:L/Au:N/C:N/I:N/A:C Title: Local RedHat Enterprise Linux DoS â?? RHEL 7.1 Kernel crashes on invalid USB...

Linux cypress_m8 Null Pointer Dereference

OS-S Security Advisory 2016-07 Linux cypressm8 Nullpointer Dereference Date: March 4th, 2016 Authors: Sergej Schumilo, Hendrik Schwartke, Ralf Spenneberg CVE: not yet assigned CVSS: 4.9 AV:L/AC:L/Au:N/C:N/I:N/A:C Title: Local RedHat Enterprise Linux DoS – RHEL 7.1 Kernel crashes on invalid USB...

Linux Kernel 3.10.0 (CentOS / RHEL 7.1) - 'digi_acceleport' Nullpointer Dereference

OS-S Security Advisory 2016-12 Linux digiacceleport Nullpointer Dereference Date: March 4th, 2016 Authors: Sergej Schumilo, Hendrik Schwartke, Ralf Spenneberg CVE: not yet assigned CVSS: 4.9 AV:L/AC:L/Au:N/C:N/I:N/A:C Title: Local RedHat Enterprise Linux DoS â?? RHEL 7.1 Kernel crashes on invalid...

Linux Kernel 3.10.0 (CentOS / RHEL 7.1) - visor 'treo_attach' Nullpointer Dereference

OS-S Security Advisory 2016-10 Linux visor treoattach Nullpointer Dereference Date: March 4th, 2016 Authors: Sergej Schumilo, Hendrik Schwartke, Ralf Spenneberg CVE: CVE-2016-2782 CVSS: 4.9 AV:L/AC:L/Au:N/C:N/I:N/A:C Title: Local RedHat Enterprise Linux DoS â?? RHEL 7.1 Kernel crashes on invalid...

Linux Kernel 3.10.0 (CentOS / RHEL 7.1) - visor clie_5_attach Nullpointer Dereference

OS-S Security Advisory 2016-09 Linux visor clie5attach Nullpointer Dereference Date: March 4th, 2016 Authors: Sergej Schumilo, Hendrik Schwartke, Ralf Spenneberg CVE: CVE-2015-7566 CVSS: 4.9 AV:L/AC:L/Au:N/C:N/I:N/A:C Title: Local RedHat Enterprise Linux DoS â?? RHEL 7.1 Kernel crashes on invalid...