Medium: postgresql8

Issue Overview: A flaw was found in the way the crypt password hashing function from the optional PostgreSQL pgcrypto contrib module performed password transformation when used with the DES algorithm. If the password string to be hashed contained the 0x80 byte value, the remainder of the string w...

Low: php-pecl-apc

Issue Overview: A cross-site scripting XSS flaw was found in the "apc.php" script, which provides a detailed analysis of the internal workings of APC and is shipped as part of the APC extension documentation. A remote attacker could possibly use this flaw to conduct a cross-site scripting attack...

Medium: openssh

Issue Overview: A denial of service flaw was found in the OpenSSH GSSAPI authentication implementation. A remote, authenticated user could use this flaw to make the OpenSSH server daemon sshd use an excessive amount of memory, leading to a denial of service. GSSAPI authentication is enabled by...

Important: java-1.6.0-openjdk

Issue Overview: Multiple flaws were discovered in the CORBA Common Object Request Broker Architecture implementation in Java. A malicious Java application or applet could use these flaws to bypass Java sandbox restrictions or modify immutable object data. CVE-2012-1711, CVE-2012-1719 It was...

Medium: postgresql9

Issue Overview: The cryptdes aka DES-based crypt function in FreeBSD before 9.0-RELEASE-p2, as used in PHP, PostgreSQL, and other products, does not process the complete cleartext password if this password contains a 0x80 character, which makes it easier for context-dependent attackers to obtain...

Medium: expat

Issue Overview: A denial of service flaw was found in the implementation of hash arrays in Expat. An attacker could use this flaw to make an application using Expat consume an excessive amount of CPU time by providing a specially-crafted XML file that triggers multiple hash function collisions. T...

Low: quagga

Issue Overview: The bgpcapabilityorf function in bgpd in Quagga 0.99.20.1 and earlier allows remote attackers to cause a denial of service assertion failure and daemon exit by leveraging a BGP peering relationship and sending a malformed Outbound Route Filtering ORF capability TLV in an OPEN...

Medium: python-crypto

Issue Overview: PyCrypto before 2.6 does not produce appropriate prime numbers when using an ElGamal scheme to generate a key, which reduces the signature space or public key space and makes it easier for attackers to conduct brute force attacks to obtain the private key. Affected Packages:...

Medium: socat

Issue Overview: Heap-based buffer overflow in the xioscanreadline function in xio-readline.c in socat 1.4.0.0 through 1.7.2.0 and 2.0.0-b1 through 2.0.0-b4 allows local users to execute arbitrary code via the READLINE address. Affected Packages: socat Issue Correction: Run yum update socat or yum...

Medium: kernel

Issue Overview: It was found that the datalen parameter of the sockallocsendpskb function in the Linux kernel's networking implementation was not validated before use. A local user with access to a TUN/TAP virtual interface could use this flaw to crash the system or, potentially, escalate their...

Medium: openssl

Issue Overview: An integer underflow flaw, leading to a buffer over-read, was found in the way OpenSSL handled DTLS Datagram Transport Layer Security application data record lengths when using a block cipher in CBC cipher-block chaining mode. A malicious DTLS client or server could use this flaw ...

Important: bind

Issue Overview: A flaw was found in the way BIND handled zero length resource data records. A malicious owner of a DNS domain could use this flaw to create specially-crafted DNS resource records that would cause a recursive resolver or secondary server to crash or, possibly, disclose portions of...

Medium: postgresql8

Issue Overview: The pgdump utility inserted object names literally into comments in the SQL script it produces. An unprivileged database user could create an object whose name includes a newline followed by an SQL command. This SQL command might then be executed by a privileged user during later...

Medium: rubygems

Issue Overview: RubyGems before 1.8.23 can redirect HTTPS connections to HTTP, which makes it easier for remote attackers to observe or modify a gem during installation via a man-in-the-middle attack. Affected Packages: rubygems Issue Correction: Run yum update rubygems or yum update --advisory...

Medium: python27

Issue Overview: SimpleXMLRPCServer.py in SimpleXMLRPCServer in Python before 2.6.8, 2.7.x before 2.7.3, 3.x before 3.1.5, and 3.2.x before 3.2.3 allows remote attackers to cause a denial of service infinite loop and CPU consumption via an XML-RPC POST request that contains a smaller amount of dat...

Low: kernel

Issue Overview: The rioioctl function in drivers/net/ethernet/dlink/dl2k.c in the Linux kernel before 3.3.7 does not restrict access to the SIOCSMIIREG command, which allows local users to write data to an Ethernet adapter via an ioctl call. Affected Packages: kernel Issue Correction: Run yum...

Medium: python26

Issue Overview: SimpleXMLRPCServer.py in SimpleXMLRPCServer in Python before 2.6.8, 2.7.x before 2.7.3, 3.x before 3.1.5, and 3.2.x before 3.2.3 allows remote attackers to cause a denial of service infinite loop and CPU consumption via an XML-RPC POST request that contains a smaller amount of dat...

Critical: php

Issue Overview: A flaw was found in the way the php-cgi executable processed command line arguments when running in CGI mode. A remote attacker could send a specially-crafted request to a PHP script that would result in the query string being parsed by php-cgi as command line options and argument...

Medium: puppet

Issue Overview: Puppet 2.6.x before 2.6.15 and 2.7.x before 2.7.13, and Puppet Enterprise PE Users 1.0, 1.1, 1.2.x, 2.0.x, and 2.5.x before 2.5.1 allows remote authenticated users with an authorized SSL key and certain permissions on the puppet master to read arbitrary files via a symlink attack ...

Medium: ImageMagick

Issue Overview: A flaw was found in the way ImageMagick processed images with malformed Exchangeable image file format Exif metadata. An attacker could create a specially-crafted image file that, when opened by a victim, would cause ImageMagick to crash or, potentially, execute arbitrary code...

Important: nginx

Issue Overview: Buffer overflow in ngxhttpmp4module.c in the ngxhttpmp4module module in nginx 1.0.7 through 1.0.14 and 1.1.3 through 1.1.18, when the mp4 directive is used, allows remote attackers to cause a denial of service memory overwrite or possibly execute arbitrary code via a crafted MP4...

Important: openssl098e

Issue Overview: Multiple numeric conversion errors, leading to a buffer overflow, were found in the way OpenSSL parsed ASN.1 Abstract Syntax Notation One data from BIO OpenSSL's I/O abstraction inputs. Specially-crafted DER Distinguished Encoding Rules encoded data read from a file or other BIO...

Important: openssl

Issue Overview: Multiple numeric conversion errors, leading to a buffer overflow, were found in the way OpenSSL parsed ASN.1 Abstract Syntax Notation One data from BIO OpenSSL's I/O abstraction inputs. Specially-crafted DER Distinguished Encoding Rules encoded data read from a file or other BIO...

Medium: libpng

Issue Overview: A heap-based buffer overflow flaw was found in the way libpng processed tEXt chunks in PNG image files. An attacker could create a specially-crafted PNG image file that, when opened, could cause an application using libpng to crash or, possibly, execute arbitrary code with the...

Low: perl-YAML-LibYAML

Issue Overview: Multiple format string vulnerabilities in the error reporting functionality in the YAML::LibYAML aka YAML-LibYAML and perl-YAML-LibYAML module 0.38 for Perl allow remote attackers to cause a denial of service process crash via format string specifiers in a 1 YAML stream to the Loa...

Medium: wireshark

Issue Overview: Several flaws were found in Wireshark. If Wireshark read a malformed packet off a network or opened a malicious dump file, it could crash or, possibly, execute arbitrary code as the user running Wireshark. Several denial of service flaws were found in Wireshark. Wireshark could...

Important: freetype

Issue Overview: Multiple flaws were found in the way FreeType handled fonts in various formats. If a specially-crafted font file was loaded by an application linked against FreeType, it could cause the application to crash. Affected Packages: freetype Issue Correction: Run yum update freetype or...

Medium: nvidia

Issue Overview: The NVIDIA UNIX driver before 295.40 allows local users to access arbitrary memory locations by leveraging GPU device-node read/write privileges. Affected Packages: nvidia Issue Correction: Run yum update nvidia or yum update --advisory ALAS-2012-67 to update your system. New...

Important: libtiff

Issue Overview: Two integer overflow flaws, leading to heap-based buffer overflows, were found in the way libtiff attempted to allocate space for a tile in a TIFF image file. An attacker could use these flaws to create a specially-crafted TIFF file that, when opened, would cause an application...

Medium: quagga

Issue Overview: Buffer overflow in the OSPFv2 implementation in ospfd in Quagga before 0.99.20.1 allows remote attackers to cause a denial of service daemon crash via a Link State Update aka LS Update packet containing a network-LSA link-state advertisement for which the data-structure length is...

Medium: nginx

Issue Overview: Use-after-free vulnerability in nginx before 1.0.14 and 1.1.x before 1.1.17 allows remote HTTP servers to obtain sensitive information from process memory via a crafted backend response, in conjunction with a client request. Affected Packages: nginx Issue Correction: Run yum updat...

Important: rpm

Issue Overview: Multiple flaws were found in the way RPM parsed package file headers. An attacker could create a specially-crafted RPM package that, when its package header was accessed, or during package signature verification, could cause an application using the RPM library such as the rpm...

Important: libtasn1

Issue Overview: A flaw was found in the way libtasn1 decoded DER data. An attacker could create carefully-crafted DER encoded input such as an X.509 certificate that, when parsed by an application that uses libtasn1 such as applications using GnuTLS, could cause the application to crash...

Important: gnutls

Issue Overview: A flaw was found in the way GnuTLS decrypted malformed TLS records. This could cause a TLS/SSL client or server to crash when processing a specially-crafted TLS record from a remote TLS/SSL connection peer. CVE-2012-1573 A boundary error was found in the gnutlssessiongetdata...

Medium: openssl

Issue Overview: A NULL pointer dereference flaw was found in the way OpenSSL parsed Secure/Multipurpose Internet Mail Extensions S/MIME messages. An attacker could use this flaw to crash an application that uses OpenSSL to decrypt or verify S/MIME messages. CVE-2012-1165 A flaw was found in the...

Low: iproute

Issue Overview: iproute2 before 3.3.0 allows local users to overwrite arbitrary files via a symlink attack on a temporary file used by 1 configure or 2 examples/dhcp-client-script. Affected Packages: iproute Issue Correction: Run yum update iproute or yum update --advisory ALAS-2012-64 to update...

Medium: libpng

Issue Overview: A heap-based buffer overflow flaw was found in the way libpng processed compressed chunks in PNG image files. An attacker could create a specially-crafted PNG image file that, when opened, could cause an application using libpng to crash or, possibly, execute arbitrary code with t...

Medium: kernel

Issue Overview: The ExecShield feature does not properly handle use of many shared libraries by a 32-bit executable file, which makes it easier for context-dependent attackers to bypass the ASLR protection mechanism by leveraging a predictable base address for one of these libraries. Affected...

Medium: glibc

Issue Overview: An integer overflow flaw was found in the implementation of the printf functions family. This could allow an attacker to bypass FORTIFYSOURCE protections and execute arbitrary code using a format string flaw in an application, even though these protections are expected to limit th...

Medium: kernel

Issue Overview: A buffer overflow flaw was found in the way the Linux kernel's XFS file system implementation handled links with overly long path names. A local, unprivileged user could use this flaw to cause a denial of service or escalate their privileges by mounting a specially-crafted disk...

Medium: systemtap

Issue Overview: An invalid pointer read flaw was found in the way SystemTap handled malformed debugging information in DWARF format. When SystemTap unprivileged mode was enabled, an unprivileged user in the stapusr group could use this flaw to crash the system or, potentially, read arbitrary kern...

Medium: puppet

Issue Overview: Puppet 2.6.x before 2.6.14 and 2.7.x before 2.7.11, and Puppet Enterprise PE Users 1.0, 1.1, 1.2.x, 2.0.x before 2.0.3, when managing a user login file with the k5login resource type, allows local users to gain privileges via a symlink attack on .k5login. The changeuser method in...

Medium: libxml2

Issue Overview: It was found that the hashing routine used by libxml2 arrays was susceptible to predictable hash collisions. Sending a specially-crafted message to an XML service could result in longer processing time, which could lead to a denial of service. To mitigate this issue, randomization...

Medium: texlive

Issue Overview: TeX Live embeds a copy of t1lib. The t1lib library allows you to rasterize bitmaps from PostScript Type 1 fonts. The following issues affect t1lib code: Two heap-based buffer overflow flaws were found in the way t1lib processed Adobe Font Metrics AFM files. If a specially-crafted...

Important: libpng

Issue Overview: A heap-based buffer overflow flaw was found in libpng. An attacker could create a specially-crafted PNG image that, when opened, could cause an application using libpng to crash or, possibly, execute arbitrary code with the privileges of the user running the application...

Medium: nagios

Issue Overview: Multiple cross-site scripting XSS vulnerabilities in config.c in config.cgi in 1 Nagios 3.2.3 and 2 Icinga before 1.4.1 allow remote attackers to inject arbitrary web script or HTML via the expand parameter, as demonstrated by an a command action or a b hosts action. Affected...

Important: libvorbis

Issue Overview: A heap-based buffer overflow flaw was found in the way the libvorbis library parsed Ogg Vorbis media files. If a specially-crafted Ogg Vorbis media file was opened by an application using libvorbis, it could cause the application to crash or, possibly, execute arbitrary code with...

Medium: cvs

Issue Overview: A heap-based buffer overflow flaw was found in the way the CVS client handled responses from HTTP proxies. A malicious HTTP proxy could use this flaw to cause the CVS client to crash or, possibly, execute arbitrary code with the privileges of the user running the CVS client...

Medium: httpd

Issue Overview: It was discovered that the fix for CVE-2011-3368 did not completely address the problem. An attacker could bypass the fix and make a reverse proxy connect to an arbitrary server not directly accessible to the attacker by sending an HTTP version 0.9 request, or by using a...

Medium: kernel

Issue Overview: The journalunmapbuffer function in fs/jbd2/transaction.c in the Linux kernel before 3.3.1 does not properly handle the Delay and Unwritten buffer head states, which allows local users to cause a denial of service system crash by leveraging the presence of an ext4 filesystem that w...