jenkins -- multiple vulnerabilities
Kohsuke Kawaguchi from Jenkins team reports: Description SECURITY-125 Combination filter Groovy script unsecured This vulnerability allows users with the job configuration privilege to escalate their privileges, resulting in arbitrary code execution on the master. SECURITY-162 directory traversal...
PuTTY -- fails to scrub private keys from memory after use
Simon Tatham reports: When PuTTY has sensitive data in memory and has no further need for it, it should wipe the data out of its memory, in case malware later gains access to the PuTTY process or the memory is swapped out to disk or written into a crash dump file. An obvious example of this is th...
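The scrubbing the advisory asks for is easy to get wrong in C: a plain memset() on a buffer that is about to go out of scope is a dead store and optimisers routinely delete it. The following is an added example (not PuTTY's code) of a wipe that survives optimisation, with a constructed 32-byte "key" standing in for real key material:

```c
#include <stddef.h>
#include <string.h>

/* Added example, not PuTTY's code. Calling memset() through a volatile
 * function pointer stops the compiler from proving the store is dead, so the
 * wipe is actually emitted. Prefer memset_s()/explicit_bzero() where the
 * platform provides them. */
static void *(*volatile wipe_fn)(void *, int, size_t) = memset;

void secure_wipe(void *buf, size_t len)
{
    if (buf != NULL && len != 0)
        wipe_fn(buf, 0, len);
}

/* 1 if every byte is zero, 0 otherwise. Scans the whole buffer; no early exit. */
int all_zero(const unsigned char *buf, size_t len)
{
    unsigned char acc = 0;
    for (size_t i = 0; i < len; i++)
        acc |= buf[i];
    return acc == 0;
}

/* The pattern: use the secret, then scrub it before the buffer dies.
 * The key bytes are constructed sample data, not a real key.
 * Returns 1 if the buffer held data before and is all zero afterwards. */
int use_and_scrub_key(void)
{
    unsigned char key[32];
    for (size_t i = 0; i < sizeof key; i++)
        key[i] = (unsigned char)(0x41 + (i * 7) % 26);

    /* ... the key would be used for signing or decryption here ... */
    int had_secret = !all_zero(key, sizeof key);

    secure_wipe(key, sizeof key);   /* instead of a bare memset() */
    return had_secret && all_zero(key, sizeof key);
}
```

This only addresses the buffer itself: copies the compiler spilled to the stack or registers, swapped pages and crash dumps need mlock()/core-dump controls on top of it.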
cryptopp -- multiple vulnerabilities
Multiple sources report: CVE-2015-2141: The InvertibleRWFunction::CalculateInverse function in rw.cpp in libcrypt++ 5.6.2 does not properly blind private key operations for the Rabin-Williams digital signature algorithm, which allows remote attackers to obtain private keys via a timing attack...
rt -- Remote DoS, Information disclosure and Session Hijacking vulnerabilities
Best Practical reports: RT 3.0.0 and above, if running on Perl 5.14.0 or higher, are vulnerable to a remote denial-of-service via the email gateway; any installation which accepts mail from untrusted sources is vulnerable, regardless of the permissions configuration inside RT. This...
krb5 1.11 -- New release/fix multiple vulnerabilities
The MIT Kerberos team announces the availability of MIT Kerberos 5 Release 1.11.6: Handle certain invalid RFC 1964 GSS tokens correctly to avoid invalid memory reference vulnerabilities. CVE-2014-4341 Fix memory management vulnerabilities in GSSAPI SPNEGO. CVE-2014-4343 CVE-2014-4344 Fix buffer...
FreeBSD -- Integer overflow in IGMP protocol
Problem Description: An integer overflow in computing the size of IGMPv3 data buffer can result in a buffer which is too small for the requested operation. Impact: An attacker who can send specifically crafted IGMP packets could cause a denial of service situation by causing the kernel to crash...
mozilla -- multiple vulnerabilities
The Mozilla Project reports: MFSA-2015-11 Miscellaneous memory safety hazards rv:36.0 / rv:31.5 MFSA-2015-12 Invoking Mozilla updater will load locally stored DLL files MFSA-2015-13 Appended period to hostnames can bypass HPKP and HSTS protections MFSA-2015-14 Malicious WebGL content crash when...
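MFSA-2015-13 is a canonicalisation bug: "example.com." (the fully qualified form with a trailing dot) names the same host as "example.com", but a policy table keyed on the raw string misses it. As an added example (not Mozilla's code), a lookup that canonicalises the hostname before consulting a constructed HSTS table:

```c
#include <ctype.h>
#include <stddef.h>
#include <string.h>

/* Added example, not Mozilla's code. Constructed sample policy table. */
static const char *const hsts_hosts[] = { "example.com", "login.example.net" };

/* Canonicalise a hostname before any policy lookup: ASCII-lowercase it and
 * drop one trailing dot. Returns 0 on success, -1 for an empty name, a name
 * that does not fit, characters outside [a-z0-9.-], or an empty label. */
int canonical_host(const char *in, char *out, size_t outlen)
{
    size_t n = strlen(in);
    if (n > 0 && in[n - 1] == '.')
        n--;                                   /* "example.com." -> "example.com" */
    if (n == 0 || n + 1 > outlen || in[0] == '.')
        return -1;
    for (size_t i = 0; i < n; i++) {
        unsigned char c = (unsigned char)in[i];
        if (!(isalnum(c) || c == '-' || c == '.'))
            return -1;
        if (c == '.' && in[i - 1] == '.')
            return -1;                         /* empty label, e.g. "a..b" or "a.." */
        out[i] = (char)tolower(c);
    }
    out[n] = '\0';
    return 0;
}

/* 1 if the (canonicalised) host is in the table, 0 otherwise. */
int hsts_applies(const char *host)
{
    char canon[256];
    if (canonical_host(host, canon, sizeof canon) != 0)
        return 0;
    for (size_t i = 0; i < sizeof hsts_hosts / sizeof hsts_hosts[0]; i++)
        if (strcmp(canon, hsts_hosts[i]) == 0)
            return 1;
    return 0;
}
```

The same canonical form must be used when the policy is stored and when it is queried; a mismatch in either direction is what lets the trailing-dot form escape HSTS and HPKP.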
samba -- Unexpected code execution in smbd
Samba development team reports: All versions of Samba from 3.5.0 to 4.2.0rc4 are vulnerable to an unexpected code execution vulnerability in the smbd file server daemon. A malicious client could send packets that may set up the stack in such a way that the freeing of memory in a subsequent...
qt4-gui, qt5-gui -- DoS vulnerability in the BMP image handler
Richard J. Moore reports: The builtin BMP decoder in QtGui prior to Qt 5.5 contained a bug that would lead to a division by zero when loading certain corrupt BMP files. This in turn would cause the application loading these hand crafted BMPs to crash...
krb5 1.12 -- New release/fix multiple vulnerabilities
The MIT Kerberos team announces the availability of MIT Kerberos 5 Release 1.12.3: Fix multiple vulnerabilities in the LDAP KDC back end. CVE-2014-5354 CVE-2014-5353 Fix multiple kadmind vulnerabilities, some of which are based in the gssrpc library. CVE-2014-5352 CVE-2014-5352 CVE-2014-9421...
redmine -- potential XSS vulnerability
Redmine reports: Potential XSS vulnerability when rendering some flash messages...
bind -- denial of service vulnerability
ISC reports: When configured to perform DNSSEC validation, named can crash when encountering a rare set of conditions in the managed trust anchors...
php5 -- multiple vulnerabilities
The PHP Project reports: Use after free vulnerability in unserialize with DateTimeZone. Mitigation for CVE-2015-0235 -- GHOST: glibc gethostbyname buffer overflow...
cabextract -- directory traversal with UTF-8 symbols in filenames
Cabextract ChangeLog reports: It was possible for cabinet files to extract to absolute file locations, and it was possible on Cygwin to get around cabextract's absolute and relative path protections by using backslashes...
unzip -- heap based buffer overflow in iconv patch
Ubuntu Security Notice USN-2502-1 reports: unzip could be made to run programs if it opened a specially crafted file...
chrony -- multiple vulnerabilities
Chrony News reports: CVE-2015-1853: DoS attack on authenticated symmetric NTP associations CVE-2015-1821: Heap-based buffer overflow in access configuration CVE-2015-1822: Use of uninitialized pointer in command processing...
xen-kernel -- arm: vgic-v2: GICD_SGIR is not properly emulated
The Xen Project reports: When decoding a guest write to a specific register in the virtual interrupt controller Xen would treat an invalid value as a critical error and crash the host. By writing an invalid value to the GICD.SGIR register a guest can crash the host, resulting in a Denial of Servi...
krb5 -- Vulnerabilities in kadmind, libgssrpc, gss_process_context_token VU#540092
The MIT Kerberos team reports: CVE-2014-5353: The krb5_ldap_get_password_policy_from_dn function in plugins/kdb/ldap/libkdb_ldap/ldap_pwd_policy.c in MIT Kerberos 5 aka krb5 before 1.13.1, when the KDC uses LDAP, allows remote authenticated users to cause a denial of service daemon crash via a successful...
elasticsearch -- remote OS command execution via Groovy scripting engine
Elastic reports: Vulnerability Summary: Elasticsearch versions 1.3.0-1.3.7 and 1.4.0-1.4.2 have vulnerabilities in the Groovy scripting engine that were introduced in 1.3.0. The vulnerability allows an attacker to construct Groovy scripts that escape the sandbox and execute shell commands as the...
mini_httpd -- buffer overflow via snprintf
ACME Updates reports: mini_httpd 1.21 and earlier allows remote attackers to obtain sensitive information from process memory via an HTTP request with a long protocol string, which triggers an incorrect response size calculation and an out-of-bounds read. rene ACME, the author, claims that the...
xorg-server -- Information leak in the XkbSetGeometry request of X servers.
Peter Hutterer reports: Olivier Fourdan from Red Hat has discovered a protocol handling issue in the way the X server code base handles the XkbSetGeometry request. The issue stems from the server trusting the client to send valid string lengths in the request data. A malicious client with string...
libidn -- out-of-bounds read issue with invalid UTF-8 input
Simon Josefsson reports: stringprep_utf8_to_ucs4 now rejects invalid UTF-8. This function has always been documented to not validate that the input UTF-8 string is actually valid UTF-8...
e2fsprogs -- potential buffer overflow in closefs()
Theodore Ts'o reports: On a carefully crafted filesystem that gets modified through tune2fs or debugfs, it is possible to trigger a buffer overrun when the file system is closed via closefs...
librsvg2 -- denial of service vulnerability
Adam Maris, Red Hat Product Security, reports: CVE-2015-7557: Out-of-bounds heap read in librsvg2 was found when parsing SVG file...
PostgreSQL -- multiple buffer overflows and memory issues
PostgreSQL Project reports: This update fixes multiple security issues reported in PostgreSQL over the past few months. All of these issues require prior authentication, and some require additional conditions, and as such are not considered generally urgent. However, users should examine the list...
chromium -- multiple vulnerabilities
Chrome Releases reports: 11 security fixes in this release, including: 447906 High CVE-2015-1209: Use-after-free in DOM. Credit to Maksymillian. 453979 High CVE-2015-1210: Cross-origin-bypass in V8 bindings. Credit to anonymous. 453982 High CVE-2015-1211: Privilege escalation using service worker...
apache24 -- multiple vulnerabilities
Jim Jagielski reports: CVE-2015-3183 cve.mitre.org core: Fix chunk header parsing defect. Remove apr_brigade_flatten, buffering and duplicated code from the HTTP_IN filter, parse chunks in a single pass with zero copy. Limit accepted chunk-size to 2^63-1 and be strict about chunk-ext authorized...
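The three properties the fix describes (single pass, chunk-size capped at 2^63-1, strict chunk-ext characters) are what separate a request-smuggling-resistant chunk parser from a lenient one. As an added example (not Apache httpd code), a parser for one "chunk-size [chunk-ext] CRLF" line with those properties; the RFC 7230 grammar is assumed, with the stricter choice of no whitespace around ";" and "=":

```c
#include <ctype.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Added example, not Apache httpd code. */
#define CHUNK_SIZE_MAX UINT64_C(0x7FFFFFFFFFFFFFFF)   /* 2^63 - 1 */

static int hexval(unsigned char c)
{
    if (c >= '0' && c <= '9') return c - '0';
    if (c >= 'a' && c <= 'f') return c - 'a' + 10;
    if (c >= 'A' && c <= 'F') return c - 'A' + 10;
    return -1;
}

/* RFC 7230 tchar: the only bytes allowed in ext names and unquoted values. */
static int is_tchar(unsigned char c)
{
    return c != 0 && (isalnum(c) || strchr("!#$%&'*+-.^_`|~", c) != NULL);
}

static int is_ctl(unsigned char c)
{
    return c < 0x20 || c == 0x7f;
}

/* Parse "chunk-size [chunk-ext] CRLF" from buf[0..len). Returns 0 and sets
 * *size_out / *consumed on success, -1 on anything malformed or oversize. */
int parse_chunk_size_line(const char *buf, size_t len, uint64_t *size_out, size_t *consumed)
{
    size_t i = 0;
    uint64_t size = 0;
    int ndigits = 0;

    /* chunk-size = 1*HEXDIG: no sign, no leading whitespace, no "0x". */
    while (i < len) {
        int v = hexval((unsigned char)buf[i]);
        if (v < 0)
            break;
        if (size > (CHUNK_SIZE_MAX >> 4))
            return -1;                     /* another digit would exceed 2^63-1 */
        size = (size << 4) | (uint64_t)v;
        ndigits++;
        i++;
    }
    if (ndigits == 0)
        return -1;

    /* chunk-ext = *( ";" token [ "=" ( token / quoted-string ) ] ), no BWS. */
    while (i < len && buf[i] == ';') {
        size_t start = ++i;
        while (i < len && is_tchar((unsigned char)buf[i]))
            i++;
        if (i == start)
            return -1;                     /* empty extension name */
        if (i < len && buf[i] == '=') {
            i++;
            if (i < len && buf[i] == '"') {            /* quoted-string */
                i++;
                for (;;) {
                    if (i >= len)
                        return -1;                     /* unterminated */
                    unsigned char c = (unsigned char)buf[i++];
                    if (c == '"')
                        break;
                    if (c == '\\') {                   /* quoted-pair */
                        if (i >= len || is_ctl((unsigned char)buf[i]))
                            return -1;
                        i++;
                    } else if (is_ctl(c) && c != '\t') {
                        return -1;
                    }
                }
            } else {                                   /* token value */
                start = i;
                while (i < len && is_tchar((unsigned char)buf[i]))
                    i++;
                if (i == start)
                    return -1;
            }
        }
    }

    /* Exactly CRLF ends the line; a bare LF, trailing space or junk is rejected. */
    if (i + 1 >= len || buf[i] != '\r' || buf[i + 1] != '\n')
        return -1;
    *size_out = size;
    *consumed = i + 2;
    return 0;
}

/* Convenience wrapper for NUL-terminated lines: the size, or -1 on error. */
long long chunk_size_of(const char *line)
{
    uint64_t size;
    size_t used;
    if (parse_chunk_size_line(line, strlen(line), &size, &used) != 0 || used != strlen(line))
        return -1;
    return (long long)size;
}
```

The overflow check runs before the shift, so "8000000000000000" (2^63) and longer strings are rejected without ever wrapping; the earlier 32-bit/long-based parsers that this CVE covered accepted sizes that wrapped to small or negative values.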
krb5 -- Vulnerabilities in kadmind, libgssrpc, gss_process_context_token VU#540092
MIT krb5 Security Advisory 2015-001 reports: CVE-2014-5352: In the MIT krb5 libgssapi_krb5 library, after gss_process_context_token is used to process a valid context deletion token, the caller is left with a security context handle containing a dangling pointer. Further uses of this handle will resu...
openldap -- two remote denial of service vulnerabilities
Ryan Tandy reports: With the deref overlay enabled, ldapsearch with '-E deref=member:' causes slapd to crash. Bill MacAllister discovered that certain queries cause slapd to crash while freeing operation controls. This is a 2.4.40 regression. Earlier releases are not affected...
adminer -- XSS vulnerability
Jakub Vrana reports: Fix XSS in login form...
cassandra3 -- jBCrypt integer overflow
mindrot project reports: There is an integer overflow that occurs with very large log_rounds values, first reported by Marcus Rathsfeld...
apache24 -- several vulnerabilities
Apache HTTP SERVER PROJECT reports: mod_proxy_fcgi: Fix a potential crash due to buffer over-read, with response headers' size above 8K. mod_cache: Avoid a crash when Content-Type has an empty value. PR 56924. mod_lua: Fix handling of the Require line when a LuaAuthzProvider is used in multiple Requi...
xen-kernel -- arm: vgic: incorrect rate limiting of guest triggered logging
The Xen Project reports: On ARM systems the code which deals with virtualizing the GIC distributor would, under various circumstances, log messages on a guest accessible code path without appropriate rate limiting. A malicious guest could cause repeated logging to the hypervisor console, leading ...
glibc -- gethostbyname buffer overflow
Robert Krátký reports: GHOST is a 'buffer overflow' bug affecting the gethostbyname and gethostbyname2 function calls in the glibc library. This vulnerability allows a remote attacker that is able to make an application call to either of these functions to execute arbitrary code with the...
FreeBSD -- SCTP stream reset vulnerability
Problem Description: The input validation of received SCTP RECONFIG chunks is insufficient, and can result in a NULL pointer dereference later. Impact: A remote attacker who can send a malformed SCTP packet to a FreeBSD system that serves SCTP can cause a kernel panic, resulting in a Denial of...
FreeBSD -- SCTP SCTP_SS_VALUE kernel memory corruption and disclosure
Problem Description: Due to insufficient validation of the SCTP stream ID, which serves as an array index, a local unprivileged attacker can read or write 16-bits of kernel memory. Impact: An unprivileged process can read or modify 16-bits of memory which belongs to the kernel. This may lead to...
privoxy -- multiple vulnerabilities
Privoxy Developers reports: Fixed a DoS issue in case of client requests with incorrect chunk-encoded body. When compiled with assertions enabled (the default) they could previously cause Privoxy to abort. Reported by Matthew Daley. CVE-2015-1380. Fixed multiple segmentation faults and memory leaks...
libssh2 -- denial of service vulnerability
Mariusz Ziulek reports: A malicious attacker could man in the middle a real server and cause libssh2 using clients to crash denial of service or otherwise read and use completely unintended memory areas in this process...
Adobe Flash Player -- critical vulnerability
Adobe reports: Successful exploitation could cause a crash and potentially allow an attacker to take control of the affected system. We are aware of reports that this vulnerability is being actively exploited in the wild via drive-by-download attacks against systems running Internet Explorer and...
chromium -- multiple vulnerabilities
Google Chrome Releases reports: 62 security fixes in this release, including: 430353 High CVE-2014-7923: Memory corruption in ICU. Credit to yangdingning. 435880 High CVE-2014-7924: Use-after-free in IndexedDB. Credit to Collin Payne. 434136 High CVE-2014-7925: Use-after-free in WebAudio. Credit ...
Bugzilla multiple security issues
Bugzilla Security Advisory reports: Command Injection: Some code in Bugzilla does not properly utilize the 3-argument form for open and it is possible for an account with editcomponents permissions to inject commands into product names and other attributes. Information Leak: Using the WebServices API, a user c...
ha -- Directory traversals
Alexander Cherepanov reports: Version 0.999b and older of ha archiver is susceptible to directory traversal vulnerabilities via absolute and relative paths...
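The cabextract and ha entries above are the same class of bug: an extractor that trusts member names. An added example (not cabextract's or ha's code) of the checks an extractor should run on every member name before touching the filesystem: both '/' and '\' are treated as separators (the Cygwin bypass above used backslashes), absolute paths and drive letters are rejected, ".." is rejected anywhere, and the name must be well-formed UTF-8 so an overlong encoding such as C0 AF cannot smuggle a '/' past a byte-wise check. The sample names in the checks are constructed.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Added example, not cabextract's or ha's code. */

/* Strict UTF-8 validation: rejects overlong forms, surrogates and > U+10FFFF. */
int utf8_valid(const unsigned char *s, size_t n)
{
    size_t i = 0;
    while (i < n) {
        unsigned char c = s[i];
        size_t extra;
        uint32_t cp, min;
        if (c < 0x80) { i++; continue; }
        if ((c & 0xE0) == 0xC0)      { extra = 1; cp = c & 0x1F; min = 0x80; }
        else if ((c & 0xF0) == 0xE0) { extra = 2; cp = c & 0x0F; min = 0x800; }
        else if ((c & 0xF8) == 0xF0) { extra = 3; cp = c & 0x07; min = 0x10000; }
        else return 0;                           /* stray continuation or 5/6-byte form */
        if (i + extra >= n)
            return 0;                            /* truncated sequence */
        for (size_t k = 1; k <= extra; k++) {
            if ((s[i + k] & 0xC0) != 0x80)
                return 0;
            cp = (cp << 6) | (s[i + k] & 0x3F);
        }
        if (cp < min || cp > 0x10FFFF || (cp >= 0xD800 && cp <= 0xDFFF))
            return 0;                            /* overlong, out of range, surrogate */
        i += extra + 1;
    }
    return 1;
}

/* Normalise an archive member name into a relative, '/'-separated path in
 * out, or return -1 if it must not be extracted at all. */
int sanitize_archive_path(const char *name, char *out, size_t outlen)
{
    size_t n = strlen(name);
    if (n == 0 || !utf8_valid((const unsigned char *)name, n))
        return -1;
    if (name[0] == '/' || name[0] == '\\')
        return -1;                               /* absolute path */
    if (n >= 2 && isalpha((unsigned char)name[0]) && name[1] == ':')
        return -1;                               /* DOS drive letter */

    size_t o = 0, i = 0;
    while (i < n) {
        size_t start = i;
        while (i < n && name[i] != '/' && name[i] != '\\')
            i++;
        size_t clen = i - start;
        if (i < n)
            i++;                                 /* skip the separator */
        if (clen == 0 || (clen == 1 && name[start] == '.'))
            continue;                            /* "//" and "." add nothing */
        if (clen == 2 && name[start] == '.' && name[start + 1] == '.')
            return -1;                           /* traversal */
        for (size_t k = start; k < start + clen; k++)
            if ((unsigned char)name[k] < 0x20 || name[k] == 0x7f)
                return -1;                       /* control characters */
        if (o + clen + 2 > outlen)
            return -1;
        if (o > 0)
            out[o++] = '/';
        memcpy(out + o, name + start, clen);
        o += clen;
    }
    if (o == 0)
        return -1;                               /* nothing but "." and separators */
    out[o] = '\0';
    return 0;
}

/* Check helpers: 1 if name sanitises to exactly expect / is rejected. */
int sanitizes_to(const char *name, const char *expect)
{
    char buf[512];
    return sanitize_archive_path(name, buf, sizeof buf) == 0 && strcmp(buf, expect) == 0;
}

int path_rejected(const char *name)
{
    char buf[512];
    return sanitize_archive_path(name, buf, sizeof buf) != 0;
}
```

Name checks alone are not sufficient: an archive can also plant a symlink and then write through it with a later member, so the extractor has to create files with O_NOFOLLOW (or refuse to extract links) as well.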
websvn -- information disclosure
Thijs Kinkhorst reports: James Clawson reported: "Arbitrary files with a known path can be accessed in websvn by committing a symlink to a repository and then downloading the file using the download link. An attacker must have write access to the repo, and the download option must have been enabl...
mod_jk -- information disclosure
NIST reports: Apache Tomcat Connectors mod_jk before 1.2.41 ignores JkUnmount rules for subtrees of previous JkMount rules, which allows remote attackers to access otherwise restricted artifacts via unspecified vectors...
samba -- Elevation of privilege to Active Directory Domain Controller
Samba team reports: In Samba's AD DC we neglected to ensure that attempted modifications of the userAccountControl attribute did not allow the UF_SERVERTRUSTACCOUNT bit to be set...
polarssl -- Remote attack using crafted certificates
PolarSSL team reports: During the parsing of a ASN.1 sequence, a pointer in the linked list of asn1_sequence is not initialized by asn1_get_sequence_of. In case an error occurs during parsing of the list, a situation is created where the uninitialized pointer is passed to polarssl_free. This sequence...
Adobe Flash Player -- multiple vulnerabilities
Adobe reports: These updates address vulnerabilities that could potentially allow an attacker to take control of the affected system...
django -- multiple vulnerabilities
The Django project reports: Today the Django team is issuing multiple releases -- Django 1.4.18, Django 1.6.10, and Django 1.7.3 -- as part of our security process. These releases are now available on PyPI and our download page. These releases address several security issues. We encourage all use...
mozilla -- multiple vulnerabilities
The Mozilla Project reports: MFSA-2015-01 Miscellaneous memory safety hazards rv:35.0 / rv:31.4 MFSA-2015-02 Uninitialized memory use during bitmap rendering MFSA-2015-03 sendBeacon requests lack an Origin header MFSA-2015-04 Cookie injection through Proxy Authenticate responses MFSA-2015-05 Read...
sympa -- Remote attackers can read arbitrary files
The Sympa Project reports: The newsletter posting area in the web interface in Sympa 6.0.x before 6.0.10 and 6.1.x before 6.1.24 allows remote attackers to read arbitrary files via unspecified vectors...