Ubuntu Security Notice 4500-1 - It was discovered that bsdiff mishandled certain input. If a user were tricked into opening a malicious file, an attacker could cause bsdiff to crash or potentially execute arbitrary code.
ad79f2339f758eb6de120943827cf5912e41e6e5269955e5c50c38008853d145
Gentoo Linux Security Advisory 202003-44 - A heap-based buffer overflow in Binary diff might allow remote attackers to execute arbitrary code. Versions less than 4.3-r4 are affected.
b1f1efad1891794dcd5fdf75af24260de0b5f106570e2af61a8d870300c3fc8c
FreeBSD Security Advisory - The implementation of bspatch does not check for a negative value on numbers of bytes read from the diff and extra streams, allowing an attacker who can control the patch file to write at arbitrary locations in the heap. This issue was first discovered by The Chromium Project and reported independently by Lu Tung-Pin to the FreeBSD project. An attacker who can control the patch file can cause a crash or run arbitrary code under the credentials of the user who runs bspatch, in many cases, root.
94be495aa94159d16c19228b849a936b7ff41d00262b82639c5ca19b61e52752
Apple Security Advisory 2016-07-18-1 - OS X El Capitan v10.11.6 and Security Update 2016-004 are now available and address arbitrary code execution, information disclosure, and various other vulnerabilities.
a2d9354c4a7f6ea06efa521cdd6516fbf0a138a5ca0981e16938eab249ee9d7d