3816 matches found

Gentoo Linux
added 2017/10/23 12:0 a.m. | 89 views

Chromium, Google Chrome: Multiple vulnerabilities

Background Chromium is an open-source browser project that aims to build a safer, faster, and more stable way for all users to experience the web. Google Chrome is one fast, simple, and secure browser for all your devices. Description Multiple vulnerabilities have been discovered in Chromium and...

CVSS 8.8 | AI score 8.9 | EPSS 0.05245
Exploits: 6
Gentoo Linux
added 2017/10/23 12:0 a.m. | 83 views

OpenJPEG: Multiple vulnerabilities

Background OpenJPEG is an open-source JPEG 2000 library. Description Multiple vulnerabilities have been discovered in OpenJPEG. Please review the references below for details. Impact A remote attacker, via a crafted BMP, PDF, or j2k document, could execute arbitrary code, cause a Denial of Servic...

CVSS 8.8 | AI score 8.4 | EPSS 0.08253
Exploits: 13
Gentoo Linux
added 2017/10/22 12:0 a.m. | 72 views

Adobe Flash Player: Remote execution of arbitrary code

Background The Adobe Flash Player is a renderer for the SWF file format, which is commonly used to provide interactive websites. Description A critical type confusion vulnerability was discovered in Adobe Flash Player. Impact A remote attacker could execute arbitrary code. Workaround There is no...

CVSS 8.8 | AI score 8.5 | EPSS 0.12104
Exploits: 0
Gentoo Linux
added 2017/10/22 12:0 a.m. | 91 views

Kodi: Arbitrary code execution

Background Kodi is a free and open source media-center and entertainment hub previously known as XBMC. Description Kodi is vulnerable due to shipping with an embedded version of UnRAR. Please review the referenced CVE identifier for details. Impact A remote attacker, by enticing a user to process...

CVSS 10 | AI score 9.6 | EPSS 0.10027
Exploits: 4
Gentoo Linux
added 2017/10/18 12:0 a.m. | 59 views

Nagios: Multiple vulnerabilities

Background Nagios is an open source host, service and network monitoring program. Description Multiple vulnerabilities have been discovered in Nagios. Please review the referenced CVE identifiers for details. Impact A remote attacker could possibly escalate privileges to root, thus allowing the...

CVSS 9.8 | AI score 8.8 | EPSS 0.22684
Exploits: 11
Gentoo Linux
added 2017/10/18 12:0 a.m. | 57 views

Ruby: Multiple vulnerabilities

Background Ruby is an interpreted object-oriented programming language. The elaborate standard library includes an HTTP server “WEBRick” and a class for XML parsing “REXML”. Description Multiple vulnerabilities have been discovered in Ruby. Please review the referenced CVE identifiers for details...

CVSS 9.8 | AI score 9.4 | EPSS 0.16412
Exploits: 4
Gentoo Linux
added 2017/10/18 12:0 a.m. | 47 views

libarchive: Multiple vulnerabilities

Background libarchive is a library for manipulating different streaming archive formats, including certain tar variants, several cpio formats, and both BSD and GNU ar variants. Description Multiple vulnerabilities have been discovered in libarchive. Please review the referenced CVE identifiers fo...

CVSS 5.5 | AI score 6.9 | EPSS 0.01699
Exploits: 0
Gentoo Linux
added 2017/10/18 12:0 a.m. | 58 views

Xen: Multiple vulnerabilities

Background Xen is a bare-metal hypervisor. Description Multiple vulnerabilities have been discovered in Xen. Please review the referenced CVE identifiers for details. Impact A local attacker could escalate privileges, cause a Denial of Service condition, obtain sensitive information, or have othe...

CVSS 10 | AI score 9 | EPSS 0.0367
Exploits: 0
Gentoo Linux
added 2017/10/15 12:0 a.m. | 63 views

GnuTLS: Denial of service

Background GnuTLS is a secure communications library implementing the SSL, TLS and DTLS protocols and technologies around them. Description A null pointer dereference while decoding a status response TLS extension with valid contents was discovered in GnuTLS. Impact A remote attacker could possib...

CVSS 7.5 | AI score 2.9 | EPSS 0.0341
Exploits: 0
Gentoo Linux
added 2017/10/15 12:0 a.m. | 30 views

Shadow: Buffer overflow

Background Shadow is a set of tools to deal with user accounts. Description Malformed input in the newusers tool may produce crashes and other unspecified behaviors. Impact A remote attacker could possibly cause a Denial of Service condition or bypass privilege boundaries in some web-hosting...

CVSS 9.8 | AI score 9.1 | EPSS 0.02659
Exploits: 0
Gentoo Linux
added 2017/10/13 12:0 a.m. | 33 views

Puppet Agent: Multiple vulnerabilities

Background Puppet Agent contains Puppet’s main code and all of the dependencies needed to run it, including Facter, Hiera, and bundled versions of Ruby and OpenSSL. Description Multiple vulnerabilities have been discovered in Puppet Agent. Please review the references for details. Impact A remote...

CVSS 7.2 | AI score 7.9 | EPSS 0.02241
Exploits: 0
Gentoo Linux
added 2017/10/13 12:0 a.m. | 44 views

Graphite: Multiple vulnerabilities

Background Graphite is a “smart font” system developed specifically to handle the complexities of lesser-known languages of the world. Description Multiple vulnerabilities have been discovered in Graphite. Please review the referenced CVE identifiers for details. Impact A remote attacker could...

CVSS 9.8 | AI score 10 | EPSS 0.05259
Exploits: 6
Gentoo Linux
added 2017/10/13 12:0 a.m. | 33 views

elfutils: Multiple vulnerabilities

Background Elfutils provides a library and utilities to access, modify and analyse ELF objects. Description Multiple vulnerabilities have been discovered in elfutils. Please review the referenced CVE identifiers for details. Impact A remote attacker could possibly cause a Denial of Service...

CVSS 5.5 | AI score 6.7 | EPSS 0.02126
Exploits: 7
Gentoo Linux
added 2017/10/13 12:0 a.m. | 63 views

GNU Libtasn1: Multiple vulnerabilities

Background A library that provides Abstract Syntax Notation One (ASN.1, as specified by the X.680 ITU-T recommendation) parsing and structures management, and Distinguished Encoding Rules (DER, as per X.690) encoding and decoding functions. Description Multiple vulnerabilities have been discovered in...

CVSS 8.8 | AI score 9.4 | EPSS 0.05585
Exploits: 1
Gentoo Linux
added 2017/10/13 12:0 a.m. | 35 views

WebKitGTK+: Multiple Vulnerabilities

Background WebKitGTK+ is a full-featured port of the WebKit rendering engine, suitable for projects requiring any kind of web integration, offers Webkit’s full functionality and is used on a wide range of systems. Description Multiple vulnerabilities have been discovered in WebkitGTK+. Please...

CVSS 9.3 | AI score 9 | EPSS 0.095
Exploits: 25
Gentoo Linux
added 2017/10/08 12:0 a.m. | 82 views

sudo: Privilege escalation

Background sudo (su “do”) allows a system administrator to delegate authority to give certain users or groups of users the ability to run some or all commands as root or another user while providing an audit trail of the commands and their arguments. Description The fix present in...

CVSS 8.2 | AI score 8.4 | EPSS 0.00573
Exploits: 0
Gentoo Linux
added 2017/10/08 12:0 a.m. | 71 views

Pacemaker: Multiple vulnerabilities

Background Pacemaker is an Open Source, High Availability resource manager suitable for both small and large clusters. Description Multiple vulnerabilities have been discovered in Pacemaker. Please review the referenced CVE identifiers for details. Impact A remote attacker could execute arbitrary...

CVSS 8.8 | AI score 8.3 | EPSS 0.03
Exploits: 0
Gentoo Linux
added 2017/10/08 12:0 a.m. | 79 views

PostgreSQL: Multiple vulnerabilities

Background PostgreSQL is an open source object-relational database management system. Description Multiple vulnerabilities have been discovered in PostgreSQL. Please review the referenced CVE identifiers for details. Impact A remote attacker could escalate privileges, cause a Denial of Service...

CVSS 9.8 | AI score 2.1 | EPSS 0.61566
Exploits: 0
Gentoo Linux
added 2017/10/08 12:0 a.m. | 67 views

file: Stack-based buffer overflow

Background file is a utility that guesses a file format by scanning binary data for patterns. Description An issue discovered in file allows attackers to write 20 bytes to the stack buffer via a specially crafted .notes section. Impact A remote attacker, by using a specially crafted .notes sectio...

CVSS 5.5 | AI score 6.6 | EPSS 0.00404
Exploits: 0
Gentoo Linux
added 2017/10/08 12:0 a.m. | 76 views

ICU: Multiple vulnerabilities

Background ICU is a mature, widely used set of C/C++ and Java libraries providing Unicode and Globalization support for software applications. Description Multiple vulnerabilities have been discovered in ICU. Please review the referenced CVE identifiers for details. Impact A remote attacker could...

CVSS 7.5 | AI score 2.8 | EPSS 0.0463
Exploits: 0
Gentoo Linux
added 2017/10/08 12:0 a.m. | 67 views

OCaml: Privilege escalation

Background OCaml is a high-level, strongly-typed, functional, and object-oriented programming language from the ML family of languages. Description A bad sanitization of environment variables: CAML_CPLUGINS, CAML_NATIVE_CPLUGINS and CAML_BYTE_CPLUGINS in the OCaml compiler allows the execution of rais...

CVSS 10 | AI score 6.7 | EPSS 0.03496
Exploits: 0
Gentoo Linux
added 2017/10/08 12:0 a.m. | 72 views

Munin: Arbitrary file write

Background Munin is an open source server monitoring tool. Description When Munin is compiled with CGI graphics enabled then the files accessible to the www-data user can be overwritten. Impact A local attacker, by setting multiple upperlimit GET parameters, could overwrite files accessible to th...

CVSS 5.5 | AI score 5.7 | EPSS 0.00421
Exploits: 0
Gentoo Linux
added 2017/10/08 12:0 a.m. | 87 views

RubyGems: Multiple vulnerabilities

Background RubyGems is a sophisticated package manager for Ruby. Description Multiple vulnerabilities have been discovered in RubyGems. Please review the referenced CVE identifiers for details. Impact A remote attacker, by enticing a user to install a specially crafted gem, could possibly execute...

CVSS 9.8 | AI score 9.9 | EPSS 0.29442
Exploits: 5
Gentoo Linux
added 2017/10/08 12:0 a.m. | 95 views

PCRE2: Multiple vulnerabilities

Background PCRE2 is a project based on PCRE (Perl Compatible Regular Expressions) which has a new and revised API. Description Multiple vulnerabilities have been discovered in PCRE2. Please review the referenced CVE identifiers for details. Impact A remote attacker could possibly execute arbitrary...

CVSS 9.8 | AI score 3.7 | EPSS 0.05033
Exploits: 1
Gentoo Linux
added 2017/09/26 12:0 a.m. | 34 views

libsoup: Arbitrary remote code execution

Background libsoup is an HTTP client/server library for GNOME. Description A stack based buffer overflow vulnerability was discovered in libsoup. Impact A remote attacker, by using specially crafted HTTP requests, could execute arbitrary code with the privileges of the process. Workaround There i...

CVSS 9.8 | AI score 9.9 | EPSS 0.24624
Exploits: 4
Gentoo Linux
added 2017/09/26 12:0 a.m. | 37 views

libTIFF: Multiple vulnerabilities

Background The TIFF library contains encoding and decoding routines for the Tag Image File Format. It is called by numerous programs, including GNOME and KDE applications, to interpret TIFF images. Description Multiple vulnerabilities have been discovered in LibTIFF. Please review the referenced...

CVSS 9.8 | AI score 8.7 | EPSS 0.04427
Exploits: 8
Gentoo Linux
added 2017/09/25 12:0 a.m. | 52 views

RAR, UnRAR: Multiple vulnerabilities

Background RAR and UnRAR provide command line interfaces for compressing and decompressing RAR files. Description Multiple vulnerabilities have been discovered in RAR and UnRAR. Please review the referenced CVE identifiers for details. Impact A remote attacker, by enticing a user to open a...

CVSS 10 | AI score 10.1 | EPSS 0.10027
Exploits: 7
Gentoo Linux
added 2017/09/25 12:0 a.m. | 30 views

Chromium: Multiple vulnerabilities

Background Chromium is an open-source browser project that aims to build a safer, faster, and more stable way for all users to experience the web. Description Multiple vulnerabilities have been discovered in Chromium. Please review the referenced CVE identifiers for details. Impact A remote...

CVSS 8.8 | AI score 9.5 | EPSS 0.05288
Exploits: 0
Gentoo Linux
added 2017/09/25 12:0 a.m. | 75 views

Tcpdump: Multiple vulnerabilities

Background Tcpdump is a tool for network monitoring and data acquisition. Description Multiple vulnerabilities have been discovered in Tcpdump. Please review the referenced CVE identifiers for details. Impact A remote attacker could possibly execute arbitrary code with the privileges of the proce...

CVSS 9.8 | AI score 10.1 | EPSS 0.06196
Exploits: 3
Gentoo Linux
added 2017/09/24 12:0 a.m. | 113 views

PHP: Multiple vulnerabilities

Background PHP is an open source general-purpose scripting language that is especially suited for web development. Description Multiple vulnerabilities have been discovered in PHP. Please review the referenced CVE identifiers for details. Impact A remote attacker could execute arbitrary code with...

CVSS 9.8 | AI score 9.7 | EPSS 0.0742
Exploits: 0
Gentoo Linux
added 2017/09/24 12:0 a.m. | 106 views

Adobe Flash Player: Multiple vulnerabilities

Background The Adobe Flash Player is a renderer for the SWF file format, which is commonly used to provide interactive websites. Description Multiple vulnerabilities have been discovered in Adobe Flash Player. Please review the referenced CVE identifiers for details. Impact A remote attacker coul...

CVSS 9.8 | AI score 9.2 | EPSS 0.34848
Exploits: 11
Gentoo Linux
added 2017/09/24 12:0 a.m. | 87 views

Postfix: Privilege escalation

Background Postfix is a mail server and an alternative to the widely-used Sendmail program. Description By default, Berkeley DB reads a DB_CONFIG configuration file from the current working directory. This is an undocumented behavior. Impact A local attacker, by using a specially crafted DB_CONFIG...

AI score 3.2
Exploits: 0
Gentoo Linux
added 2017/09/24 12:0 a.m. | 78 views

Exim: Local privilege escalation

Background Exim is a message transfer agent (MTA) developed at the University of Cambridge for use on Unix systems connected to the Internet. Description Exim supports the use of multiple “-p” command line arguments causing a memory leak. This could lead to a stack-clash in user-space and as result...

CVSS 4 | AI score 4.6 | EPSS 0.00534
Exploits: 0
Gentoo Linux
added 2017/09/24 12:0 a.m. | 90 views

Chromium: Multiple vulnerabilities

Background Chromium is an open-source browser project that aims to build a safer, faster, and more stable way for all users to experience the web. Description Multiple vulnerabilities have been discovered in Chromium. Please review the referenced CVE identifiers for details. Impact A remote...

CVSS 8.8 | AI score 8.9 | EPSS 0.26331
Exploits: 0
Gentoo Linux
added 2017/09/24 12:0 a.m. | 100 views

Oracle JDK/JRE, IcedTea: Multiple vulnerabilities

Background Java Platform, Standard Edition (Java SE) lets you develop and deploy Java applications on desktops and servers, as well as in today’s demanding embedded environments. Java offers the rich user interface, performance, versatility, portability, and security that today’s applications...

CVSS 9.6 | AI score 9.4 | EPSS 0.05034
Exploits: 0
Gentoo Linux
added 2017/09/24 12:0 a.m. | 86 views

CVS: Command injection

Background CVS (Concurrent Versions System) is an open-source network-transparent version control system. It contains both a client utility and a server. Description It was discovered that when CVS is configured to use SSH for remote repositories it allows remote attackers to execute arbitrary code...

CVSS 7.5 | AI score 8.4 | EPSS 0.05968
Exploits: 1
Gentoo Linux
added 2017/09/24 12:0 a.m. | 96 views

Mercurial: Multiple vulnerabilities

Background Mercurial is a distributed source control management system. Description Multiple vulnerabilities have been discovered in Mercurial. Please review the referenced CVE identifiers for details. Impact A remote attacker could possibly execute arbitrary code with the privileges of the...

CVSS 10 | AI score 9.9 | EPSS 0.21512
Exploits: 2
Gentoo Linux
added 2017/09/17 12:0 a.m. | 76 views

Binutils: Multiple vulnerabilities

Background The GNU Binutils are a collection of tools to create, modify and analyse binary files. Many of the files use BFD, the Binary File Descriptor library, to do low-level manipulation. Description Multiple vulnerabilities have been discovered in Binutils. Please review References for...

CVSS 9.8 | AI score 2.5 | EPSS 0.08075
Exploits: 5
Gentoo Linux
added 2017/09/17 12:0 a.m. | 66 views

GDK-PixBuf: Multiple vulnerabilities

Background GDK-PixBuf is an image loading library for GTK+. Description Multiple vulnerabilities have been discovered in GDK-PixBuf. Please review the referenced CVE identifiers for details. Impact A remote attacker, by sending a specially crafted TIFF, JPEG, or URL, could execute arbitrary code...

CVSS 7.5 | AI score 8.1 | EPSS 0.0347
Exploits: 4
Gentoo Linux
added 2017/09/17 12:0 a.m. | 48 views

Kpathsea: User-assisted execution of arbitrary code

Background Kpathsea is a library to do path searching. It is used by TeX Live and other TeX-related software. Description It was discovered that the mpost program from the shell_escape_commands list is capable of executing arbitrary external programs during the conversion of .tex files. The...

CVSS 9.8 | AI score 9.6 | EPSS 0.07146
Exploits: 1
Gentoo Linux
added 2017/09/17 12:0 a.m. | 62 views

Supervisor: command injection vulnerability

Background Supervisor is a client/server system that allows its users to monitor and control a number of processes on UNIX-like operating systems. Description A vulnerability in Supervisor was discovered in which an authenticated client could send malicious XML-RPC requests and supervisord will r...

CVSS 9 | AI score 9 | EPSS 0.87544
Exploits: 10
Gentoo Linux
added 2017/09/17 12:0 a.m. | 55 views

mod_gnutls: Certificate validation error

Background mod_gnutls is an extension for Apache’s httpd. It uses the GnuTLS library to provide HTTPS. It supports some protocols and features that mod_ssl does not. Description It was discovered that the authentication hook in mod_gnutls does not validate client’s certificates even when option...

CVSS 5 | AI score 6.5 | EPSS 0.03274
Exploits: 0
Gentoo Linux
added 2017/09/17 12:0 a.m. | 42 views

GIMPS: Root privilege escalation

Background GIMPS, the Great Internet Mersenne Prime Search, is software capable of finding Mersenne primes, which are used in cryptography. GIMPS is also used for hardware testing. Description It was discovered that Gentoo’s default GIMPS installation suffered from a privilege escalation...

CVSS 7.3 | AI score 7.6 | EPSS 0.00268
Exploits: 0
Gentoo Linux
added 2017/09/17 12:0 a.m. | 54 views

Perl: Race condition vulnerability

Background File::Path module provides a convenient way to create directories of arbitrary depth and to delete an entire directory subtree from the filesystem. Description A race condition occurs within concurrent environments. This condition was discovered by The cPanel Security Team in the rmtre...

CVSS 5.9 | AI score 6.3 | EPSS 0.02359
Exploits: 0
Gentoo Linux
added 2017/09/17 12:0 a.m. | 58 views

SquirrelMail: Remote Code Execution

Background SquirrelMail is a webmail package written in PHP. It supports IMAP and SMTP and can optionally be installed with SQL support. Description It was discovered that the sendmail.cf file is mishandled in a popen call. Impact A remote attacker, by enticing a user to open an e-mail attachment...

CVSS 9 | AI score 2.9 | EPSS 0.32156
Exploits: 7
Gentoo Linux
added 2017/09/17 12:0 a.m. | 65 views

WebKitGTK+: Multiple vulnerabilities

Background WebKitGTK+ is a full-featured port of the WebKit rendering engine, suitable for projects requiring any kind of web integration, offers Webkit’s full functionality and is used on a wide range of systems. Description Multiple vulnerabilities have been discovered in WebkitGTK+. Please...

CVSS 8.8 | AI score 8.6 | EPSS 0.01827
Exploits: 0
Gentoo Linux
added 2017/09/17 12:0 a.m. | 53 views

chkrootkit: Local privilege escalation

Background chkrootkit is a tool to locally check for signs of a rootkit. Description When /tmp is mounted without the noexec option chkrootkit will execute files in /tmp with root privileges. Impact A local attacker could possibly execute arbitrary code with root privileges. Workaround Users shou...

CVSS 3.7 | AI score 7.1 | EPSS 0.03828
Exploits: 6
Gentoo Linux
added 2017/09/17 12:0 a.m. | 55 views

cURL: Multiple vulnerabilities

Background cURL is a tool and libcurl is a library for transferring data with URL syntax. Description Multiple vulnerabilities have been discovered in cURL. Please review the CVE identifiers referenced below for details. Impact Remote attackers could cause a Denial of Service condition, obtain...

CVSS 7.5 | AI score 7.4 | EPSS 0.03958
Exploits: 0
Gentoo Linux
added 2017/09/17 12:0 a.m. | 74 views

Git: Command injection

Background Git is a small and fast distributed version control system designed to handle small and large projects. Description Specially crafted ‘ssh://...’ URLs may allow the owner of the repository to execute arbitrary commands on client’s machine if those commands are already installed on the...

CVSS 8.8 | AI score 9 | EPSS 0.77823
Exploits: 9
Gentoo Linux
added 2017/09/17 12:0 a.m. | 73 views

Subversion: Arbitrary code execution

Background Subversion is a version control system intended to eventually replace CVS. Like CVS, it has an optional client-server architecture where the server can be an Apache server running modsvn, or an ssh program as in CVS’s :ext: method. In addition to supporting the features found in CVS,...

CVSS 9.8 | AI score 10 | EPSS 0.18892
Exploits: 3

Total number of security vulnerabilities: 3816