lib32-libgcrypt: information disclosure

Felix Drre and Vladimir Klebanov from the Karlsruhe Institute of Technology found a bug in the mixing functions of Libgcrypt's random number generator: An attacker who obtains 4640 bits from the RNG can trivially predict the next 160 bits of output. This bug exists since 1998 in all GnuPG and...

[ASA-201609-15] jansson: denial of service

Arch Linux Security Advisory ASA-201609-15 ========================================== Severity: Low Date : 2016-09-17 CVE-ID : CVE-2016-4425 Package : jansson Type : denial of service Remote : Yes Link : https://wiki.archlinux.org/index.php/CVE Summary ======= The package jansson before version...

chromium: multiple issues

CVE-2016-5170, CVE-2016-5171 arbitrary code execution Use after free in Blink. - CVE-2016-5172 information leakage Arbitrary Memory Read in v8. - CVE-2016-5173 access restriction bypass Extension resource access. - CVE-2016-5174 Popup not correctly suppressed. - CVE-2016-5175 arbitrary code...

flashplugin: multiple issues

CVE-2016-4274, CVE-2016-4275, CVE-2016-4276, CVE-2016-4280, CVE-2016-4281, CVE-2016-4282, CVE-2016-4283, CVE-2016-4284, CVE-2016-4285, CVE-2016-6922, CVE-2016-6924 arbitrary code execution Multiple Memory corruption vulnerabilities that could lead to arbitrary code execution have been found...

lib32-flashplugin: multiple issues

CVE-2016-4274, CVE-2016-4275, CVE-2016-4276, CVE-2016-4280, CVE-2016-4281, CVE-2016-4282, CVE-2016-4283, CVE-2016-4284, CVE-2016-4285, CVE-2016-6922, CVE-2016-6924 arbitrary code execution Multiple Memory corruption vulnerabilities that could lead to arbitrary code execution have been found...

mariadb: multiple issues

CVE-2016-6662 arbitrary code execution Researcher Dawid Golunski discovered several security issues in the mariadb DBMS, including a vulnerability flaw that can be exploited by a remote attacker to inject malicious settings into my.cnf configuration files. The flaw can be triggered to fully...

libtorrent-rasterbar: denial of service

A bug has been found in the libtorrent-rasterbar code handling GZIP-encoded responses from a tracker, where malformed responses could lead to a crash...

powerdns: denial of service

Two issues have been found in PowerDNS Authoritative Server allowing a remote, unauthenticated attacker to cause an abnormal load on the PowerDNS backend by sending crafted DNS queries, which might result in a partial denial of service if the backend becomes overloaded. SQL backends for example a...

[ASA-201609-7] tomcat8: proxy injection

Arch Linux Security Advisory ASA-201609-7 ========================================= Severity: Medium Date : 2016-09-10 CVE-ID : CVE-2016-5388 Package : tomcat8 Type : proxy injection Remote : Yes Link : https://wiki.archlinux.org/index.php/CVE Summary ======= The package tomcat8 before version...

graphicsmagick: multiple issues

A last instance of CVE-2016-2317 heap buffer overflow in the MVG rendering code also impacts SVG. This problem was originally reported by Gustavo Grieco. 2. A possible heap overflow of the EscapeParenthesis function. While I was not able to reproduce it for myself, the implementation is replaced...

wordpress: multiple issues

CVE-2016-7168 cross-site scripting A cross-site scripting vulnerability via an image filename, reported by SumOfPwm researcher Cengiz Han Sahin. - CVE-2016-7169 directory traversal A directory traversal vulnerability in the upgrade package uploader, reported by Dominik Schilling from the...

file-roller: multiple issues

File Roller was affected by a directory traversal bug that could result in deleted files if a user were tricked into opening a malicious archive...

thunderbird: arbitrary code execution

CVE-2016-2835 arbitrary code execution Carsten Book, Christian Holler, Gary Kwong, Jesse Ruderman, Andrew McCreight, Phil Ringnalda and Philipp reported memory safety problems and crashes. - CVE-2016-2836 arbitrary code execution Christian Holler, Tyson Smith, Boris Zbarsky, Byron Campen, and...

webkit2gtk: multiple issues

CVE-2016-4590 same-origin policy bypass xisigr of Tencents Xuanwu Lab discovered a vulnerability in the way webkit handles URLs, which allows remote attackers to bypass the Same Origin Policy via a crafted web site. - CVE-2016-4591 arbitrary filesystem access ma.la of LINE Corporation discoveered...

chromium: multiple issues

CVE-2016-5147 CVE-2016-5148 cross-site scripting Universal XSS in Blink. - CVE-2016-5149 script injection Script injection in extensions. - CVE-2016-5150 arbitrary code execution Use after free in Blink. - CVE-2016-5151 arbitrary code execution Use after free in PDFium. - CVE-2016-5152...

mupdf: arbitrary code execution

Marco Grassi discovered a use-after-free vulnerability in MuPDF. An attacker can take advantage of this flaw to cause an application crash denial-of-service, or potentially to execute arbitrary code with the privileges of the user running MuPDF, if a specially crafted PDF file is processed...

mupdf: arbitrary code execution

Yu Hong and Zheng Jihong discovered a heap overflow vulnerability within the pdfloadmeshparams function, allowing an attacker to cause an application crash denial-of-service, or potentially to execute arbitrary code with the privileges of the user running MuPDF, if a specially crafted PDF file is...

wireshark-cli: denial of service

CVE-2016-6505 denial of service It may be possible to make Wireshark crash by injecting a malformed packet onto the wire or by convincing someone to read a malformed packet trace file. - CVE-2016-6506 denial of service It may be possible to make Wireshark consume excessive CPU resources by...

mediawiki: multiple issues

CVE-2016-6331 permission bypass Check read permission when loading page content in ApiParse. Prevents leaking page contents for extensions that deny read rights to certain pages via a userCan hook, but still allow the user to have read rights in general. - CVE-2016-6332 permission bypass Make...

libgcrypt: information disclosure

Felix Drre and Vladimir Klebanov from the Karlsruhe Institute of Technology found a bug in the mixing functions of Libgcrypt's random number generator: An attacker who obtains 4640 bits from the RNG can trivially predict the next 160 bits of output. This bug exists since 1998 in all GnuPG and...

linux-lts: information disclosure

A security issue has been found in the Linux kernel's implementation of challenge ACKs as specified in RFC 5961. An attacker which knows a connection's client IP, server IP and server port can abuse the challenge ACK mechanism to determine the accuracy of a normally 'blind' attack on the client o...

linux-zen: information disclosure

A security issue has been found in the Linux kernel's implementation of challenge ACKs as specified in RFC 5961. An attacker which knows a connection's client IP, server IP and server port can abuse the challenge ACK mechanism to determine the accuracy of a normally 'blind' attack on the client o...

chromium: multiple issues

CVE-2016-5139 arbitrary code execution Multiple integer overflows in the opjtcdinittile function in tcd.c in OpenJPEG, as used in PDFium, allow remote attackers to cause a denial of service heap-based buffer overflow or possibly have other unspecified impact via crafted JPEG 2000 data. -...

postgresql: multiple issues

CVE-2016-5423 arbitrary code execution It was discovered that certain SQL statements containing CASE/WHEN commands could crash the PostgreSQL server, or disclose a few bytes of server memory, potentially leading to arbitrary code execution. - CVE-2016-5424 privilege escalation It was found that...

linux-grsec: information disclosure

A security issue has been found in the Linux kernel's implementation of challenge ACKs as specified in RFC 5961. An attacker which knows a connection's client IP, server IP and server port can abuse the challenge ACK mechanism to determine the accuracy of a normally 'blind' attack on the client o...

linux: information disclosure

A security issue has been found in the Linux kernel's implementation of challenge ACKs as specified in RFC 5961. An attacker which knows a connection's client IP, server IP and server port can abuse the challenge ACK mechanism to determine the accuracy of a normally 'blind' attack on the client o...

websvn: cross-site scripting

Multiple cross-site scripting XSS vulnerabilities in revision.php, log.php, listing.php, and comp.php in WebSVN allow context-dependent attackers to inject arbitrary web script or HTML via the name of a file or directory in a repository...

jq: arbitrary code execution

A heap-based buffer overflow has been found in jq when parsing a JSON-encoded number longer than 256 bytes. The NULL-terminator byte was not allocated when the buffer was resized, causing a off-by-one write...

curl: multiple issues

CVE-2016-5419 authentication bypass libcurl would attempt to resume a TLS session even if the client certificate had changed. That is unacceptable since a server by specification is allowed to skip the client certificate check on resume, and may instead use the old identity which was established...

libupnp: arbitrary filesystem access

A vulnerability was found in libupnp. If there's no registered handler for a POST or GET request, the default behavior is to write to or read from the filesystem. This allows an unauthenticated attacker to store or retrieve arbitrary data. This issue allows full host filesystem access if the...

glibc: denial of service

CVE-2016-3075 denial of service The getnetbyname implementation in nssdns contains a potentially unbounded alloca call in the form of a call to strdupa, leading to a stack overflow stack exhaustion and a crash if getnetbyname is invoked on a very long name. - CVE-2016-5417 denial of service The...

lib32-glibc: denial of service

CVE-2016-3075 denial of service The getnetbyname implementation in nssdns contains a potentially unbounded alloca call in the form of a call to strdupa, leading to a stack overflow stack exhaustion and a crash if getnetbyname is invoked on a very long name. - CVE-2016-5417 denial of service The...

jdk7-openjdk: multiple issues

CVE-2016-3458 sandbox restriction bypass It was discovered that the CORBA component of OpenJDK did not sufficiently restrict the use of custom ValueHandler when performing object deserialization. An untrusted Java application or applet could use this flaw to bypass certain Java sandbox...

jre7-openjdk: multiple issues

CVE-2016-3458 sandbox restriction bypass It was discovered that the CORBA component of OpenJDK did not sufficiently restrict the use of custom ValueHandler when performing object deserialization. An untrusted Java application or applet could use this flaw to bypass certain Java sandbox...

jre7-openjdk-headless: multiple issues

CVE-2016-3458 sandbox restriction bypass It was discovered that the CORBA component of OpenJDK did not sufficiently restrict the use of custom ValueHandler when performing object deserialization. An untrusted Java application or applet could use this flaw to bypass certain Java sandbox...

firefox: multiple issues

CVE-2016-0718 arbitrary code execution Out-of-bounds read during XML parsing in Expat library. - CVE-2016-2830 information disclosure Favicon network connection can persist when page is closed. - CVE-2016-2835 CVE-2016-2836 arbitrary code execution Mozilla developers and community members...

openssh: information leakage

Mitigate timing differences in password authentication that could be used to discern valid from invalid account names when long passwords were sent and particular password hashing algorithms are in use on the server. Reported by EddieEzra.Harari at verint.com...

libidn: denial of service

CVE-2015-8948 denial of service Solve out-of-bounds-read when reading one zero byte as input. Also replaced fgets with getline. Reported by Hanno Boeck. - CVE-2016-6261 denial of service Fix out-of-bounds stack read in idnatoascii4i. Reported by Hanno Boeck. - CVE-2016-6262 denial of service...

imagemagick: information leakage

An out-of-bounds read has been found in ImageMagick's Get8BIMProperty function. This issue can lead to memory leak since the data read is written to the output image afterwards...

chromium: multiple issues

CVE-2016-1705 arbitrary code execution Various fixes from internal audits, fuzzing and other initiatives. - CVE-2016-1706 sandbox escape Sandbox escape in PPAPI. Credit to Pinkie Pie. - CVE-2016-1708 arbitrary code execution Use-after-free in Extensions. Credit to Adam Varsan. - CVE-2016-1709...

python2-django: cross-site scripting

Unsafe usage of JavaScript's Element.innerHTML could result in XSS in the admin's add/change related popup. Element.textContent is now used to prevent execution of the data. The debug view also used innerHTML. Although a security issue wasn't identified there, out of an abundance of caution it's...

python-django: cross-site scripting

Unsafe usage of JavaScript's Element.innerHTML could result in XSS in the admin's add/change related popup. Element.textContent is now used to prevent execution of the data. The debug view also used innerHTML. Although a security issue wasn't identified there, out of an abundance of caution it's...

drupal: proxy injection

Drupal 8 uses the third-party PHP library Guzzle for making server-side HTTP requests. An attacker can provide a proxy server that Guzzle will use. This vulnerability is called 'httpoxy'. httpoxy is a set of vulnerabilities that affect application code running in CGI, or CGI-like environments. It...

bind: denial of service

Although not commonly used, the BIND package contains provisions to allow systems to resolve names using the lightweight resolver protocol, a protocol similar to but distinct from the normal DNS protocols. The lightweight resolver protocol can be used either by running the lwresd utility installe...

flashplugin: multiple issues

CVE-2016-4175 CVE-2016-4179 CVE-2016-4180 CVE-2016-4181 CVE-2016-4182 CVE-2016-4183 CVE-2016-4184 CVE-2016-4185 CVE-2016-4186 CVE-2016-4187 CVE-2016-4188 CVE-2016-4189 CVE-2016-4190 CVE-2016-4217 CVE-2016-4218 CVE-2016-4219 CVE-2016-4220 CVE-2016-4221 CVE-2016-4233 CVE-2016-4234 CVE-2016-4235...

lib32-flashplugin: multiple issues

CVE-2016-4175 CVE-2016-4179 CVE-2016-4180 CVE-2016-4181 CVE-2016-4182 CVE-2016-4183 CVE-2016-4184 CVE-2016-4185 CVE-2016-4186 CVE-2016-4187 CVE-2016-4188 CVE-2016-4189 CVE-2016-4190 CVE-2016-4217 CVE-2016-4218 CVE-2016-4219 CVE-2016-4220 CVE-2016-4221 CVE-2016-4233 CVE-2016-4234 CVE-2016-4235...

gimp: arbitrary code execution

Multiple Use-After-Free when parsing XCF channel and layer properties...

thunderbird: arbitrary code execution

CVE-2016-2815 arbitrary code execution Mozilla developers and community members reported several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with...

libreoffice-fresh: arbitrary code execution

A use after free vulnerability was found in the RTF parser of LibreOffice. The vulnerability lies in the parsing of documents containing both stylesheet and superscript tokens. A specially crafted RTF document containing both a stylesheet and superscript element causes LibreOffice to access an...

libarchive: arbitrary code execution

A vulnerability was found in libarchive. A specially crafted zip file can provide an incorrect compressed size, which may allow an attacker to place arbitrary code on the heap and execute it in the context of the application...