HPE Security Bulletin HPSBUX03410 SSRT102175 1 - A potential security vulnerability has been identified with HP-UX running BIND. This vulnerability could be exploited remotely to create a Denial of Service (DoS). Revision 1 of this advisory.
285ee505b9669d1854cd08aeb5674d644bd0b538eff60181220efd7a9afa9157HPE Security Bulletin HPSBUX03369 SSRT102037 1 - A potential security vulnerability have been identified with HP-UX programs using the execve(2) system call. The vulnerability could be exploited locally to create an elevation of privilege. Revision 1 of this advisory.
555885bcc1ea1c4a4d6346039a6eac29109d2b40f6dbde463fffaafc40a61744Debian Linux Security Advisory 3342-1 - Loren Maggiore of Trail of Bits discovered that the 3GP parser of VLC, a multimedia player and streamer, could dereference an arbitrary pointer due to insufficient restrictions on a writable buffer. This could allow remote attackers to execute arbitrary code via crafted 3GP files.
a16d41b09a9384afe2a8b693f62e0412ecd3871bc6b7ef99bbf77ef482e96b20Debian Linux Security Advisory 3341-1 - It was discovered that in certain configurations, if the relevant conntrack kernel module is not loaded, conntrackd will crash when handling DCCP, SCTP or ICMPv6 packets.
841d14d8ee9b3caf761b1f9bc2d5faef3983f910033d9a5335c49e371ab00488Red Hat Security Advisory 2015-1650-01 - Red Hat OpenShift Enterprise is a cloud computing Platform-as-a-Service solution designed for on-premise or private cloud deployments. An improper permission check issue was discovered in the server admission control component in OpenShift. A user with build permissions could use this flaw to execute arbitrary shell commands on a build pod with the privileges of the root user. This issue was discovered by Cesar Wong of the Red Hat OpenShift Enterprise Team.
ee56f2b637949907876dac0c204f0902be6b9a15308bd46485f1e81c2289d41cUbuntu Security Notice 2702-3 - USN-2702-1 fixed vulnerabilities in Firefox. After upgrading, some users in the US reported that their default search engine switched to Yahoo. This update fixes the problem. Various other issues were also addressed.
0d37ac51a6eb9f125ccb7b770b241fe86f5a2549a14498c2537844e8a6a40b73Ubuntu Security Notice 2721-1 - It was discovered that the Subversion mod_dav_svn module incorrectly handled REPORT requests for a resource that does not exist. A remote attacker could use this issue to cause the server to crash, resulting in a denial of service. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. It was discovered that the Subversion mod_dav_svn module incorrectly handled requests requiring a lookup for a virtual transaction name that does not exist. A remote attacker could use this issue to cause the server to crash, resulting in a denial of service. This issue only affected Ubuntu 14.04 LTS. Various other issues were also addressed.
bf924d06c07de07ad62f90ddaca26ec6d2f16b7478d76f99c2a041bc556bda43Debian Linux Security Advisory 3340-1 - Dawid Golunski discovered that when running under PHP-FPM in a threaded environment, Zend Framework, a PHP framework, did not properly handle XML data in multibyte encoding. This could be used by remote attackers to perform an XML External Entity attack via crafted XML data.
23d6416156f37ab76976ca96977e08ed7c0c6841cde302f768e47b512c50093fDebian Linux Security Advisory 3339-1 - Several vulnerabilities have been discovered in OpenJDK, an implementation of the Oracle Java platform, resulting in the execution of arbitrary code, breakouts of the Java sandbox, information disclosure, denial of service or insecure cryptography.
cc5c31eaed80c0cd400ec91f3fd6136488f7855153b9eb4184a81e7c430e9138Red Hat Security Advisory 2015-1647-01 - MariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL. It was found that the MySQL client library permitted but did not require a client to use SSL/TLS when establishing a secure connection to a MySQL server using the "--ssl" option. A man-in-the-middle attacker could use this flaw to strip the SSL/TLS protection from a connection between a client and a server. This update fixes several vulnerabilities in the MariaDB database server.
c19074cc30ee10160461cba41a7fba14cc48c4e3c83b609a85394af1f0a48077Red Hat Security Advisory 2015-1646-01 - MariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL. It was found that the MySQL client library permitted but did not require a client to use SSL/TLS when establishing a secure connection to a MySQL server using the "--ssl" option. A man-in-the-middle attacker could use this flaw to strip the SSL/TLS protection from a connection between a client and a server. This update fixes several vulnerabilities in the MariaDB database server.
9e48c3c96eb61113412af42e99c4dde3ed3ab5100ec726ea8c150027ea62ebc0HPE Security Bulletin HPSBUX03400 SSRT102211 1 - A potential security vulnerability has been identified with HP-UX running BIND. This vulnerability could be exploited remotely to create a Denial of Service (DoS). Revision 1 of this advisory.
928c02d212c071234ac998c1ccd542c75746befe86272f5fc87537250be7fe15Flash suffers from a use-after-free vulnerability in SurfaceFilterList::CreateFromScriptAtom.
f25272c8a1f372c28e643e729835debc9a97b7068e8da8e97a5a220acf1e5a89Flash version 18.0.0.209 contains new mitigations to defend against corruptions of Vector.<uint> (and other) lengths. One of these mitigations, at Vector access time, compares the Vector's in-memory length with a representation of the same length XOR'ed with a secret cookie. The bypass comes about because the secret cookie value is stored inside a structure, and a pointer to that structure is stored alongside the Vector length.
fcdf12cd364c0ea733d2eac6b27e7d2f9f878fe5206bb8c75cbfc449ce599745There is a use after free vulnerability in the ActionScript 2 TextField.filters array property.
45e43f90ddcb052986798b06cfd1f46ebd1983e9b8561f2e5e9f429141da9e39If an mp3 file contains compressed ID3 data that is larger than 0x2aaaaaaa bytes, an integer overflow will occur in allocating the buffer to contain its converted string data, leading to a large copy into a small buffer. A sample fla, swf and mp3 are attached. Put id34.swf and tag.mp3 in the same folder to reproduce the issue. This issue only works on 64 bit platforms.
35155caf981a1919c824478ec4353bf7b0386be80fed9f35592dd6d487b2c05cThe Shared Object constructor does not check that the object it is provided is of type Object before setting it to be of type SharedObject. This can cause problems if another method (such as Sound.loadSound) calls into script between checking the input object type, and casting its native object.
19f7464f744154d2d6dd211423377f3e324df119f1b2817fad6a0f7b4e6ae5f4A crash was observed in Microsoft Office 2007 with Microsoft Office File Validation Add-In disabled and Application Verifier enabled for testing and reproduction. This bug also reproduced in Office 2010 running on Windows 7 x86.
6730e4bcb74ff3ada116f87db7b421bf1d013003c83ef00b178f449904c4d335The maintenance service creates a log file in a user writable location. It's possible to change the log file to a hardlink to another file to cause file corruption or elevation of privilege.
9a1d92cce93d1ad86dd9eac6ec55a2b6aedcc3249f5d93fb13aea55da6b68ba6Flash suffers from a heap-based buffer overflow due to an indexing error when loading FLV files.
4673942893163cde81ade110d85287f3016da128ff399dfaf5a45be550ea11c7Flash suffers from a heap-based buffer overflow vulnerability.
6dc90c34eaf395d7b5fc097c96fc3bbf1b826f568a8b16ab718447c06a8884a7A crash was observed in Microsoft Office 2007 with Microsoft Office File Validation Add-In disabled and Application Verifier enabled for testing and reproduction. This bug also reproduced in Office 2010 running on Windows 7 x86. The crash is caused by a 1 bit delta from the original file at offset 0x31B.
03f7aa286c6f7a41a1b151784a5669dfb726e0a84605f216c88584600f74d02fA crash was observed in Microsoft Office 2007 with Microsoft Office File Validation Add-In disabled and Application Verifier enabled for testing and reproduction. This bug also reproduced in Office 2010 running on Windows 7 x86.
a0cd6e10f73a59037ae74f44a92933339dbaf1a11fe054b8edf070270dd6a4c0There is a type confusion issue in the TextFormat constructor that is reachable because the FileReference constructor does not verify that the incoming object is of type Object (it only checks that the object is not native backed). The TextFormat constructor first sets a new object to type TextFormat, and then calls into script several times before setting the native backing object. If one of these script calls then calls into the FileReference constructor, the object can be set to type FileReference, and then the native object will be set to the TextFormat, leading to type confusion.
913b0be9845adb6b994362bb787074269b6c1eeb7980d5b0f158933108a65e1aA crash was observed in Microsoft Office 2007 with Microsoft Office File Validation Add-In disabled and Application Verifier enabled for testing and reproduction. This bug also reproduced in Office 2010 running on Windows 7 x86. The crash is caused by a 1 bit delta from the original file at offset 0x4A45. OffViz identified this offset as OLESSRoot.DirectoryEntries[100].OLESSDirectoryEntry[20].sidLeft with an original value of 0x00000000 and a fuzzed value of 0x00008000.
1abb29b1bfd3c4155dea845a8f4a1b457d8108a08fdcb085f1548e3efeb296aa
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed