Red Hat Security Advisory 2014-0312-01 - PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. A buffer overflow flaw was found in the way PHP parsed floating point numbers from their text representation. If a PHP application converted untrusted input strings to numbers, an attacker able to provide such input could cause the application to crash or, possibly, execute arbitrary code with the privileges of the application. All php users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. After installing the updated packages, the httpd daemon must be restarted for the update to take effect.
ed152ea19937dfd772c59ba8bdad4a73bae67c13b28bf59e21e0dec3e764f158
Red Hat Security Advisory 2014-0311-01 - PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. A buffer overflow flaw was found in the way PHP parsed floating point numbers from their text representation. If a PHP application converted untrusted input strings to numbers, an attacker able to provide such input could cause the application to crash or, possibly, execute arbitrary code with the privileges of the application. It was found that PHP did not properly handle file names with a NULL character. A remote attacker could possibly use this flaw to make a PHP script access unexpected files and bypass intended file system access restrictions.
2a64c8f53e6dc048bca206f2a449803fc371f77164f14a295802d4991566105c
Ubuntu Security Notice 915-1 - Several flaws were discovered in the JavaScript engine of Thunderbird. Josh Soref discovered that the BinHex decoder used in Thunderbird contained a flaw. It was discovered that Thunderbird did not properly manage memory when using XUL tree elements. Jesse Ruderman and Sid Stamm discovered that Thunderbird did not properly display filenames containing right-to-left (RTL) override characters. Takehiro Takahashi discovered flaws in the NTLM implementation in Thunderbird. Ludovic Hirlimann discovered a flaw in the way Thunderbird indexed certain messages with attachments.
4abd2d6f36bedce62d8e1eed0ee21108af3268f19a75e5e592dec1d303db0131
Debian Linux Security Advisory 1998-1 - Maksymilian Arciemowicz discovered a buffer overflow in the internal string routines of the KDE core libraries, which could lead to the execution of arbitrary code.
9f69ed0b9baefb794367a639c88f2978dea5a77909ecde0c61edf4cba47aaddc
Mandriva Linux Security Advisory 2010-028 - KDE KSSL in kdelibs 3.5.4, 4.2.4, and 4.3 does not properly handle a \\'\\0\\' (NUL) character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408. KDE Konqueror allows remote attackers to cause a denial of service (memory consumption) via a large integer value for the length property of a Select object, a related issue to CVE-2009-1692. The gdtoa (aka new dtoa) implementation in gdtoa/misc.c in libc in FreeBSD 6.4 and 7.2, NetBSD 5.0, and OpenBSD 4.5 allows context-dependent attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a large precision value in the format argument to a printf function, related to an array overrun. The updated packages have been patched to correct these issues.
bcbed668507255178c552af90eaf168b462be20aa49012dc6e3325cff54e5b26
Mandriva Linux Security Advisory 2010-027 - KDE KSSL in kdelibs 3.5.4, 4.2.4, and 4.3 does not properly handle a \\'\\0\\' (NUL) character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408. The JavaScript garbage collector in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 does not properly handle allocation failures, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted HTML document that triggers write access to an offset of a NULL pointer. WebKit in Apple Safari before 4.0.2, KHTML in kdelibs in KDE, QtWebKit (aka Qt toolkit), and possibly other products does not properly handle numeric character references, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted HTML document. Use-after-free vulnerability in WebKit, as used in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, iPhone OS for iPod touch 1.1 through 2.2.1, Google Chrome 1.0.154.53, and possibly other products, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) by setting an unspecified property of an HTML tag that causes child elements to be freed and later accessed when an HTML error occurs, related to recursion in certain DOM event handlers. WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 does not initialize a pointer during handling of a Cascading Style Sheets (CSS) attr function call with a large numerical argument, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted HTML document. KDE Konqueror allows remote attackers to cause a denial of service (memory consumption) via a large integer value for the length property of a Select object, a related issue to CVE-2009-1692. The gdtoa (aka new dtoa) implementation in gdtoa/misc.c in libc in FreeBSD 6.4 and 7.2, NetBSD 5.0, and OpenBSD 4.5 allows context-dependent attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a large precision value in the format argument to a printf function, related to an array overrun. WebKit, as used in Safari before 3.2.3 and 4 Public Beta, on Apple Mac OS X 10.4.11 and 10.5 before 10.5.7 and Windows allows remote attackers to execute arbitrary code via a crafted SVGList object that triggers memory corruption. The updated packages have been patched to correct these issues.
701ad2e7099f449e19e82471a31b95691ff8ff843d3d5029da766636d5585359
Mac OS X versions 10.5 and 10.6 suffers from a buffer overflow vulnerability in libc/strtod(3).
330c9d7d085bc82da2371af39d43273ccaac08ea388a26d47fb3bf3d953867d8
Matlab R2009b suffers from an array overrun vulnerability that allows for code execution.
d0fecd045e6348016e15d944f4d2ab38c62e2de8cd2a7176be5367552b8e4e29
J version 6.02.023 suffers from an array overrun vulnerability.
07186da5845d16072c45cb784eb5b3b228dfd83cfc5385b39f355ccccd3d8bc2
Mandriva Linux Security Advisory 2009-346 - Mandriva Linux 2008.0 was released with KDE version 3.5.7. This update upgrades KDE in Mandriva Linux 2008.0 to version 3.5.10, which brings many bugfixes, overall improvements and many security fixes.
220ebe4f1e1e6e4f9dd1f77b20359a3737af488082ad0fbf33320b3ed79bb462
Ubuntu Security Notice 871-1 - A buffer overflow was found in the KDE libraries when converting a string to a floating point number. If a user or application linked against kdelibs were tricked into processing crafted input, an attacker could cause a denial of service (via application crash) or possibly execute arbitrary code with the privileges of the user invoking the program. It was discovered that the KDE libraries could use KHTML to process an unknown MIME type. If a user or application linked against kdelibs were tricked into opening a crafted file, an attacker could potentially trigger XMLHTTPRequests to remote sites.
75082f2353ff3b42c699cee9462dcd44b407a01f5801f30ef5ee5074ffc41209
Thunderbird version 2.0.0.23 suffers from a remote array overrun that allows for arbitrary code execution.
9a6a391941b200a19efd9a43cd84797f49e731b5b7c082401291e365c9294a3d
Sunbird version 0.9 suffers from a remote array overrun that allows for code execution.
2483a1810a65e2b43ccfed2e7e173d84dd8e586834924704ffeccf778c51a7b4
Camino version 1.6.10 suffers from a remote array overrun that allows for arbitrary code execution.
e16541afa2295ecb3f4cbf992119b30a71799c09664819cedf8c4168e8bb4a6f
Flock version 2.5.2 suffers from a remote array overrun that allows for arbitrary code execution.
3046782d52e5b5223a145b479d898e4e8979080472f8c526d055bf3af11ab4b5
Mandriva Linux Security Advisory 2009-330 - Multiple vulnerabilities have been found and corrected in kdelibs. This update provides a solution to this vulnerability.
a9d7bfa461ed5ebec3aa67993de759e80660a11cdb2ad32a9324462480797b82
KDE KDELibs version 4.3.3 suffers from a remote array overrun vulnerability that allows for arbitrary code execution.
6f52b93fb01923395e9e086f5499f4f495580fa36af7131b1bed3d92eb179b44
Opera version 10.01 suffers from a remote array overrun vulnerability that allows for arbitrary code execution.
a37b1ab07f2eb1b10acb2a9937e5b99e96db9296d51a29455557a8d718666d22
K-Meleon version 1.5.3 suffers from a remote array overrun vulnerability that allows for arbitrary code execution.
4f99f451546f29e0f79ecb622261bf75af36cf92b6e4376642a36de97a3e3327
SeaMonkey version 1.1.8 suffers from a remote array overrun vulnerability that allows for arbitrary code execution.
2aa2eab42892d1c8cf5768b431d3c784578d3ee3b77c8e0e16d5a0e45da5403f
An array overrun vulnerability has been discovered in libc/gdtoa printf(3). Systems affected include OpenBSD version 4.5, NetBSD version 5.0, and FreeBSD versions 7.2 and 6.4.
6fc751f14f61d5dec5fcbcc881b492b6baf8d6e0fa133f6837603632c8dae90f