ruby: permissive certificate verification
After reviewing RFC 6125 and RFC 5280, multiple violations were found in the matching of hostnames and particularly of wildcard certificates. Ruby's OpenSSL extension will now provide a string-based matching algorithm which follows stricter behavior, as recommended by these RFCs. In particular, matching ...
icecast: denial of service
CVE-2015-3026 denial of service: The bug can only be triggered if "stream_auth" is being used. This means that all installations that use a default configuration are NOT affected. The default configuration only uses source-password. Nor are simple mountpoints that use a password affected. A...
mediawiki: multiple issues
CVE-2015-2931 cross-site scripting: It was discovered that MIME types were not properly restricted, allowing a way to circumvent the SVG MIME blacklist for embedded resources. This allowed an attacker to embed JavaScript in an SVG file. - CVE-2015-2932 cross-site scripting: The SVG filter to prevent...
libssh2: out-of-bounds read
When negotiating a new SSH session with a remote server, one of libssh2's functions for doing the key exchange, kex_agree_methods, was naively reading data from the incoming packet and using it without doing sufficient range checks. The SSH_MSG_KEXINIT packet arrives at libssh2 with a set of strings,...
ntp: multiple issues
CVE-2015-1798 accept unauthenticated packets: When ntpd is configured to use a symmetric key to authenticate a remote NTP server/peer, it checks if the NTP message authentication code (MAC) in received packets is valid, but not if there actually is any MAC included. Packets without a MAC are accept...
chrony: denial of service
CVE-2015-1853 denial of service: This issue is similar to the "ntp CVE-2015-1799" issue. An attacker knowing that NTP hosts A and B are peering with each other (symmetric association) can send a packet to host A with the source address of B which will set the NTP state variables on A to the values sen...
tor: multiple issues
CVE-2015-2928 "disgleirio" discovered that a malicious client could trigger an assertion failure in a Tor instance providing a hidden service, thus rendering the service inaccessible. CVE-2015-2929 "DonnchaC" discovered that Tor clients would crash with an assertion failure upon parsing specially...
java-batik: xml external entity injection
Batik offers several classes for SVG to PNG/JPG conversion, which suffer from an XML External Entity Injection due to the evaluation of external entities within the given SVG file. If an application offers the possibility to upload an SVG file, an attacker can put in a maliciously formed file and...
thunderbird: multiple issues
CVE-2015-0801 same-origin bypass: Mozilla developer Olli Pettay reported that while investigating Mozilla Foundation Security Advisory 2015-28, he and Mozilla developer Boris Zbarsky found an alternate way to trigger a similar vulnerability. The previously reported flaw used an issue with SVG...
firefox: certificate verification bypass
Security researcher Muneaki Nishimura discovered a flaw in Mozilla's HTTP Alternative Services implementation. If an Alt-Svc header is specified in the HTTP/2 response, SSL certificate verification can be bypassed for the specified alternate server. As a result of this, warnings of invalid SS...
libtasn1: stack overflow
A two-byte stack overflow has been found in the ASN.1 DER decoding logic of libtasn1...
chromium: remote code execution
CVE-2015-1233 remote code execution: A combination of V8, Gamepad and IPC bugs can lead to remote code execution outside of the sandbox. - CVE-2015-1234 buffer overflow: Buffer overflow via a race condition in GPU...
firefox: multiple issues
CVE-2015-0801 same-origin bypass: Mozilla developer Olli Pettay reported that while investigating Mozilla Foundation Security Advisory 2015-28, he and Mozilla developer Boris Zbarsky found an alternate way to trigger a similar vulnerability. The previously reported flaw used an issue with SVG...
musl: arbitrary code execution
A stack-based buffer overflow has been found in musl libc's IPv6 address literal parsing code. Programs which call the inet_pton or getaddrinfo function with AF_INET6 or AF_UNSPEC and untrusted address strings are affected. Successful exploitation yields control of the return address. Having enabled...
php: integer overflow
An integer overflow flaw, leading to a heap-based buffer overflow, was found in the way libzip, which is embedded in PHP, processed certain ZIP archives. If an attacker were able to supply a specially crafted ZIP archive to an application using libzip, it could cause the application to crash or,...
vorbis-tools: denial of service
CVE-2014-9638 denial of service: A flaw in oggenc allows attackers to cause a denial of service (divide-by-zero error and crash) via a WAV file with the number of channels set to zero. - CVE-2014-9639 denial of service: Integer overflow in oggenc allows attackers to cause a denial of service (crash)...
util-linux: command injection
There is a command injection inside blkid. It uses the cache files /dev/.blkid.tab or /run/blkid/blkid.tab to store info about the UUID, LABEL etc. it finds on certain devices. However, it does not strip the " character, so it can be confused into building variable names containing embedded shell metas, whic...
cpio: directory traversal
It was reported that cpio is vulnerable to a directory traversal vulnerability when using the --no-absolute-filenames option. While extracting an archive, it will extract symlinks and then follow them if they are referenced in further entries. This can be exploited by a rogue archive to write to...
firefox: multiple issues
CVE-2015-0817 arbitrary remote code execution: Security researcher ilxu1a reported, through HP Zero Day Initiative's Pwn2Own contest, a flaw in Mozilla's implementation of typed array bounds checking in JavaScript just-in-time compilation (JIT) and its management of bounds checking for heap access...
drupal: multiple issues
CVE-2015-2559 access bypass Password reset URLs can be forged under certain circumstances, allowing an attacker to gain access to another user's account without knowing the account's password. In Drupal 7, this vulnerability is mitigated by the fact that it can only be exploited on sites where...
xerces-c: denial of service
CVE-2015-0252 denial of service: The Xerces-C XML parser mishandles certain kinds of malformed input documents, resulting in a segmentation fault during a parse operation. The bug does not appear to allow for remote code execution, but is a denial of service attack that in many applications may...
tcpdump: multiple issues
CVE-2014-8767 denial of service: Integer underflow in the olsr_print function, when in verbose mode, allows remote attackers to cause a denial of service (crash) via a crafted length value in an OLSR frame. - CVE-2014-8768 denial of service: Multiple integer underflows in the geonet_print function, when...
lib32-openssl: multiple issues
CVE-2015-1787 denial of service: If client auth is used then a server can segfault in the event of a DHE ciphersuite being selected and a zero length ClientKeyExchange message being sent by the client. This could be exploited in a DoS attack. - CVE-2015-0207 denial of service: The DTLSv1_listen...
openssl: multiple issues
CVE-2015-1787 denial of service: If client auth is used then a server can segfault in the event of a DHE ciphersuite being selected and a zero length ClientKeyExchange message being sent by the client. This could be exploited in a DoS attack. - CVE-2015-0207 denial of service: The DTLSv1_listen...
ecryptfs-utils: hard-coded passphrase salt
eCryptfs uses a default salt to encrypt the mount passphrase, which makes it easier for attackers to obtain user passwords via a brute force attack. By default, the wrapping key is hashed with the default fixed salt 0x0011223344556677. This update introduces the version 2 wrapped-passphrase file...
ettercap-gtk: multiple issues
CVE-2014-6395 arbitrary code execution: Heap-based buffer overflow in the dissector_postgresql function in dissectors/ec_postgresql.c allows remote attackers to cause a denial of service or possibly execute arbitrary code via a crafted password length value that is inconsistent with the actual...
ettercap: multiple issues
CVE-2014-6395 arbitrary code execution: Heap-based buffer overflow in the dissector_postgresql function in dissectors/ec_postgresql.c allows remote attackers to cause a denial of service or possibly execute arbitrary code via a crafted password length value that is inconsistent with the actual...
libxfont: multiple issues
As libXfont is used by the X server to read font files, and an unprivileged user with access to the X server can tell the X server to read a given font file from a path of their choosing, these vulnerabilities have the potential to allow unprivileged users to run code with the privileges of the X...
flashplugin: multiple issues
CVE-2015-0332, CVE-2015-0333, CVE-2015-0335, CVE-2015-0339: Memory corruption vulnerabilities leading to code execution. - CVE-2015-0334, CVE-2015-0336: Type confusion vulnerabilities leading to code execution. - CVE-2015-0337: Vulnerability leading to a cross-domain policy bypass. -...
librsync: checksum collision
librsync previously used a truncated MD4 "strong" checksum to match blocks. However, MD4 is not cryptographically strong. It's possible that an attacker who can control the contents of one part of a file could use it to control other regions of the file, if it's transferred using librsync/rdiff...
unzip: arbitrary code execution
A buffer overflow (out-of-bounds read or write) in test_compr_eb in extract.c was found in the way unzip handled an extra field with an uncompressed size smaller than the compressed field size in a zip archive that advertises STORED method compression. A specially crafted Zip archive could cause unzi...
e2fsprogs: arbitrary code execution
If a corrupted file system didn't trip over some corruption check, and then the file system was modified via tune2fs or debugfs, such that the superblock was marked dirty and then written out via the closefs path, it's possible that the buffer overrun could be triggered when the file system is...
python2-django, python-django: cross-site scripting
XSS attack via properties in ModelAdmin.readonly_fields...
mutt: denial of service
The write_one_header function does not properly handle newline characters at the beginning of a header, which allows remote attackers to cause a denial of service (crash) via a header with an empty body, which triggers a heap-based buffer overflow in the mutt_substrdup function...
chromium: multiple issues
CVE-2015-1212: Out-of-bounds write in media. - CVE-2015-1213, CVE-2015-1214, CVE-2015-1215: Out-of-bounds write in skia filters. - CVE-2015-1216: Use-after-free in v8 bindings. - CVE-2015-1217: Type confusion in v8 bindings. - CVE-2015-1218: Use-after-free in dom. - CVE-2015-1219: Integer...
grep: denial of service
The bmexec_trans function in kwset.c allows local users to cause a denial of service (out-of-bounds heap read and crash) via crafted input when using the -F option. grep's read buffer is often filled to its full size, except when reading the final buffer of a file. In that case, the number of bytes...
lib32-elfutils: directory traversal
Directory traversal vulnerability in the read_long_names function in libelf/elf_begin.c allows remote attackers to write to arbitrary files in the root directory via a / (slash) in a crafted archive, as demonstrated using the ar program...
putty: information disclosure
When PuTTY has sensitive data in memory and has no further need for it, it should wipe the data out of its memory, in case malware later gains access to the PuTTY process or the memory is swapped out to disk or written into a crash dump file. An obvious example of this is the password typed durin...
elfutils: directory traversal
Directory traversal vulnerability in the read_long_names function in libelf/elf_begin.c allows remote attackers to write to arbitrary files in the root directory via a / (slash) in a crafted archive, as demonstrated using the ar program...
firefox: multiple issues
CVE-2015-0819 tab spoofing: Mozilla developer Matthew Noorenberghe reported that whitelisted Mozilla domains could make UITour API calls while the UI Tour pages for Firefox are present in background tabs. If one of these Mozilla domains was compromised and open in another tab, an attacker could...
thunderbird: multiple issues
CVE-2015-0822 information leak: Security researcher Armin Razmdjou reported that a user readable file in a known local path could be uploaded to a malicious site. This was done by manipulating the autocomplete feature in a form and user interaction with it. While the local file is not visibly...
samba: arbitrary code execution
A malicious client could send packets that may set up the stack in such a way that the freeing of memory in a subsequent anonymous netlogon packet could allow execution of arbitrary code. This code would execute with root privileges. This flaw arises because an uninitialized pointer is passed ...
krb5: multiple issues
CVE-2014-5352 authenticated remote code execution: In the MIT krb5 libgssapi_krb5 library, after gss_process_context_token is used to process a valid context deletion token, the caller is left with a security context handle containing a dangling pointer. Further uses of this handle will result in...
dbus: denial of service
Systemd sends back an ActivationFailure D-Bus signal if the activation fails. However, when it receives these signals, dbus-daemon does not verify that the signal actually came from systemd. A malicious local user could send repeated ActivationFailure signals in the hope that it would "win the...
xorg-server: information leak and denial of service
Olivier Fourdan from Red Hat has discovered a protocol handling issue in the way the X server code base handles the XkbSetGeometry request. The issue stems from the server trusting the client to send valid string lengths in the request data. A malicious client with string lengths exceeding the...
pigz: arbitrary write to files
The package pigz before version 2.3.3-1 is vulnerable to multiple directory traversal vulnerabilities, which allow remote attackers to write to arbitrary files via a (1) full pathname or (2) .. (dot dot) in an archive...
glibc: multiple issues
glibc has multiple issues, including heap and stack overflows that could be exploitable. The heap and stack overflow is possible in the swscanf function...
flashplugin: remote code execution
CVE-2015-0313, CVE-2015-0315, CVE-2015-0320, CVE-2015-0322 Use-after-free vulnerabilities leading to arbitrary code execution. - CVE-2015-0314, CVE-2015-0316, CVE-2015-0318, CVE-2015-0321, CVE-2015-0329, CVE-2015-0330 Memory corruption vulnerabilities leading to arbitrary code execution. -...
chromium: multiple issues
CVE-2015-1209 use-after-free Use-after-free in DOM, possibly leading to arbitrary code execution. Credit to Maksymillian Motyl. - CVE-2015-1210 cross-origin bypass Cross-origin-bypass in V8 bindings allows an attacker to bypass the same-origin policy. - CVE-2015-1211 privilege escalation...
ntp: multiple issues
CVE-2014-9297 information disclosure, denial of service: The vallen packet value is not validated in several code paths in ntp_crypto.c which can lead to information leakage or a possible crash. - CVE-2014-9298 access restriction bypass: While available kernels will prevent 127.0.0.1 addresses from...