Ubuntu Security Notice 2728-1 - Hanno Boeck discovered that Bind incorrectly handled certain malformed keys when configured to perform DNSSEC validation. A remote attacker could use this issue with specially crafted zone data to cause Bind to crash, resulting in a denial of service.
Debian Linux Security Advisory 3348-1 - Several vulnerabilities were discovered in qemu, a fast processor emulator.
Debian Linux Security Advisory 3349-1 - Several vulnerabilities were discovered in qemu-kvm, a full virtualization solution on x86 hardware.
Cisco Security Advisory - Cisco Integrated Management Controller (IMC) Supervisor and Cisco UCS Director contain a remote file overwrite vulnerability that could allow an unauthenticated, remote attacker to overwrite arbitrary system files, resulting in system instability or a denial of service (DoS) condition. Cisco has released software updates that address this vulnerability. Workarounds that mitigate this vulnerability are not available.
Red Hat Security Advisory 2015-1713-01 - The rhev-hypervisor package provides a Red Hat Enterprise Virtualization Hypervisor ISO disk image. The Red Hat Enterprise Virtualization Hypervisor is a dedicated Kernel-based Virtual Machine hypervisor. It includes everything necessary to run and manage virtual machines: A subset of the Red Hat Enterprise Linux operating environment and the Red Hat Enterprise Virtualization Agent. Note: Red Hat Enterprise Virtualization Hypervisor is only available for the Intel 64 and AMD64 architectures with virtualization extensions. A heap-based buffer overflow flaw was found in the way JasPer decoded JPEG 2000 image files. A specially crafted file could cause an application using JasPer to crash or, possibly, execute arbitrary code.
Red Hat Security Advisory 2015-1714-01 - The Simple Protocol for Independent Computing Environments is a remote display protocol for virtual environments. SPICE users can access a virtualized desktop or server from the local system or any system with network access to the server. SPICE is used in Red Hat Enterprise Linux for viewing virtualized guests running on the Kernel-based Virtual Machine hypervisor or on Red Hat Enterprise Virtualization Hypervisors. A race condition flaw, leading to a heap-based memory corruption, was found in spice's worker_update_monitors_config() function, which runs under the QEMU-KVM context on the host. A user in a guest could leverage this flaw to crash the host QEMU-KVM process or, possibly, execute arbitrary code with the privileges of the host QEMU-KVM process.
Red Hat Security Advisory 2015-1715-01 - The Simple Protocol for Independent Computing Environments is a remote display protocol for virtual environments. SPICE users can access a virtualized desktop or server from the local system or any system with network access to the server. SPICE is used in Red Hat Enterprise Linux for viewing virtualized guests running on the Kernel-based Virtual Machine hypervisor or on Red Hat Enterprise Virtualization Hypervisors. A race condition flaw, leading to a heap-based memory corruption, was found in spice's worker_update_monitors_config() function, which runs under the QEMU-KVM context on the host. A user in a guest could leverage this flaw to crash the host QEMU-KVM process or, possibly, execute arbitrary code with the privileges of the host QEMU-KVM process.
Ubuntu Security Notice 2729-1 - Florian Weimer discovered that libvdpau incorrectly handled certain environment variables. A local attacker could possibly use this issue to gain privileges.
Ubuntu Security Notice 2730-1 - Georgi Geshev discovered that OpenSLP incorrectly handled processing certain service requests. A remote attacker could possibly use this issue to cause OpenSLP to crash, resulting in a denial of service. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. Qinghao Tang discovered that OpenSLP incorrectly handled processing certain messages. A remote attacker could possibly use this issue to cause OpenSLP to crash, resulting in a denial of service. Various other issues were also addressed.
Red Hat Security Advisory 2015-1712-01 - Chromium is an open-source web browser, powered by WebKit. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Chromium to crash or, potentially, execute arbitrary code with the privileges of the user running Chromium. All Chromium users should upgrade to these updated packages, which contain Chromium version 45.0.2454.85, which corrects these issues. After installing the update, Chromium must be restarted for the changes to take effect.
Red Hat Security Advisory 2015-1704-01 - Red Hat JBoss Data Virtualization is a lean data integration solution that provides easy, real-time, and unified data access across disparate sources to multiple applications and users. JBoss Data Virtualization makes data spread across physically distinct systems—such as multiple databases, XML files, and even Hadoop systems—appear as a set of tables in a local database. This roll up patch serves as a cumulative upgrade for Red Hat JBoss Data Virtualization 6.1.0. It includes various bug fixes, which are listed in the README file included with the patch files.
Red Hat Security Advisory 2015-1708-01 - The libXfont package provides the X.Org libXfont runtime library. X.Org is an open source implementation of the X Window System. An integer overflow flaw was found in the way libXfont processed certain Glyph Bitmap Distribution Format fonts. A malicious, local user could use this flaw to crash the X.Org server or, potentially, execute arbitrary code with the privileges of the X.Org server. An integer truncation flaw was discovered in the way libXfont processed certain Glyph Bitmap Distribution Format fonts. A malicious, local user could use this flaw to crash the X.Org server or, potentially, execute arbitrary code with the privileges of the X.Org server.
Slackware Security Advisory - New bind packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, and -current to fix security issues.
Debian Linux Security Advisory 3350-1 - Hanno Boeck discovered that incorrect validation of DNSSEC-signed records in the Bind DNS server could result in denial of service.
Red Hat Security Advisory 2015-1706-01 - The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server; a resolver library; and tools for verifying that the DNS server is operating correctly. A denial of service flaw was found in the way BIND parsed certain malformed DNSSEC keys. A remote attacker could use this flaw to send a specially crafted DNS query that would cause named functioning as a validating resolver to crash.
Red Hat Security Advisory 2015-1705-01 - The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server; a resolver library; and tools for verifying that the DNS server is operating correctly. A denial of service flaw was found in the way BIND parsed certain malformed DNSSEC keys. A remote attacker could use this flaw to send a specially crafted DNS query that would cause named functioning as a validating resolver to crash.
Red Hat Security Advisory 2015-1707-01 - The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server; a resolver library; and tools for verifying that the DNS server is operating correctly. A denial of service flaw was found in the way BIND parsed certain malformed DNSSEC keys. A remote attacker could use this flaw to send a specially crafted DNS query that would cause named functioning as a validating resolver to crash.
Debian Linux Security Advisory 3347-1 - Pyry Hakulinen and Ashish Shakla at Automattic discovered that pdns, an authoritative DNS server, was incorrectly processing some DNS packets; this would enable a remote attacker to trigger a DoS by sending specially crafted packets causing the server to crash.
GPON home router version G-93RG1 suffers from a cross-site request forgery vulnerability that allows for arbitrary command execution.