OSS Sec Archive by Thread 2017/09-Sep
- Re: [oss-security] Reporting and disclosing Linux kernel vulnerabilities,
Andrey Konovalov
- Re: [oss-security] openjpeg: heap-based buffer overflow in opj_t2_encode_packet (t2.c),
Agostino Sarubbo
- Re: [oss-security] openjpeg: invalid memory write in tgatoimage (convert.c),
Agostino Sarubbo
- Re: [oss-security] openjpeg: stack-based buffer overflow write in pgxtoimage (convert.c),
Agostino Sarubbo
- Re: [oss-security] graphicsmagick: memory allocation failure in MagickRealloc (memory.c),
Agostino Sarubbo
- [oss-security] graphicsmagick: use-after-free in CloseBlob (blob.c) (INCOMPLETE FIX FOR CVE-2017-11403),
Agostino Sarubbo
- [oss-security] CVE-2017-14106 kernel: net/ipv4: divide by 0 in __tcp_select_window(),
Vasily Averin
- [oss-security] libzip: memory allocation failure in _zip_cdir_grow (zip_dirent.c),
Agostino Sarubbo
- [oss-security] libzip: use-after-free in _zip_buffer_free (zip_buffer.c),
Agostino Sarubbo
- [oss-security] CVE-2017-14102: MIMEDefang privilege escalation via PID file manipulation,
Michael Orlitzky
- Re: [oss-security] unrar-free/unrar-gpl: directory traversal and other issues,
Salvatore Bonaccorso
- Re: [oss-security] CVE-2017-1000083: evince: Command injection vulnerability in CBT handler,
Marcus Meissner
- [oss-security] [ANN] Apache Struts 2.5.13 GA with Security Fixes Release,
Lukasz Lenart
- [oss-security] CVE-2017-1000249: file: stack based buffer overflow,
Thomas Jarosch
- [oss-security] Django security releases issued: 1.11.5 and 1.10.8,
Tim Graham
- [oss-security] openjpeg: heap-based buffer overflow in opj_mqc_flush (mqc.c),
Agostino Sarubbo
- [oss-security] openjpeg: heap-based buffer overflow in opj_write_bytes_LE (cio.c),
Agostino Sarubbo
- [oss-security] openjpeg: heap-based buffer overflow in opj_write_bytes_LE (cio.c) (INCOMPLETE FIX FOR CVE-2017-14152),
Agostino Sarubbo
- [oss-security] graphicsmagick: memory allocation failure in MagickMalloc (memory.c),
Agostino Sarubbo
- [oss-security] libarchive: heap-based buffer overflow in xml_data (archive_read_support_format_xar.c),
Agostino Sarubbo
- Re: [oss-security] CVE-2017-12847: nagios-core privilege escalation via PID file manipulation,
Daniel Kahn Gillmor
- [oss-security] [ANN] Apache Struts 2.3.34 General Availability with Security Fixes Release,
Lukasz Lenart
- [oss-security] CVE-2017-14167 Qemu: i386: multiboot OOB access while loading guest kernel image,
P J P
- [oss-security] aacplusenc: NULL pointer dereference in DeleteBitBuffer (bitbuffer.c),
Agostino Sarubbo
- [oss-security] Tcpdump 4.9.2,
Leo Famulari
- [oss-security] CVE-2017-12612 Unsafe deserialization in Apache Spark launcher API,
Sean Owen
- [oss-security] Arch Linux and tcpdump 4.9.2,
Denis Ovsienko
- Re: [oss-security] CVE-2017-13673 Qemu: vga: reachable assert failure during during display update,
Salvatore Bonaccorso
- [oss-security] GNU Emacs 25.2 enriched text remote code execution,
Paul Eggert
- [oss-security] CVE-2017-14159: OpenLDAP privilege escalation via PID file manipulation,
Michael Orlitzky
- [oss-security] Xen Security Advisory 231 (CVE-2017-14316) - Missing NUMA node parameter verification,
Xen . org security team
- [oss-security] Xen Security Advisory 232 (CVE-2017-14318) - Missing check for grant table,
Xen . org security team
- [oss-security] Xen Security Advisory 233 (CVE-2017-14317) - cxenstored: Race in domain cleanup,
Xen . org security team
- [oss-security] Xen Security Advisory 234 (CVE-2017-14319) - insufficient grant unmapping checks for x86 PV guests,
Xen . org security team
- [oss-security] Shibboleth plugin for WordPress: CVE-2017-14313: XSS vulnerability due to improper use of add_query_arg(),
Salvatore Bonaccorso
- [oss-security] CVE-2017-14340: Linux kernel: xfs: unprivileged user kernel oops,
Dave Chinner
- [oss-security] CVE-2017-12153 Linux kernel: nl80211: null pointer dereference in nl80211_set_rekey_data(),
Vladis Dronov
- [oss-security] tcpdump 4.9.2 is fully available,
Denis Ovsienko
- [oss-security] Linux BlueBorne vulnerabilities,
Armis Security
- [oss-security] mp3gain: stack-based buffer overflow in filterYule (gain_analysis.c),
Agostino Sarubbo
- [oss-security] mp3gain: NULL pointer dereference in sync_buffer (mpglibDBL/interface.c),
Agostino Sarubbo
- [oss-security] mp3gain: stack-based buffer overflow in copy_mp (mpglibDBL/interface.c),
Agostino Sarubbo
- [oss-security] mp3gain: global buffer overflow in III_dequantize_sample (mpglibDBL/layer3.c),
Agostino Sarubbo
- [oss-security] mp3gain: stack-based buffer overflow in dct36 (mpglibDBL/layer3.c),
Agostino Sarubbo
- [oss-security] mp3gain: invalid memory write in copy_mp (mpglibDBL/interface.c),
Agostino Sarubbo
- [oss-security] mp3gain: global buffer overflow in III_i_stereo (mpglibDBL/layer3.c),
Agostino Sarubbo
- [oss-security] mp3gain: memcpy-param-overlap in set_pointer (mpglibDBL/common.c),
Agostino Sarubbo
- Re: [oss-security] Re: Linux kernel: CVE-2017-1000112: Exploitable memory corruption due to UFO to non-UFO path switch,
Thomas Jarosch
- [oss-security] CVE-2017-1000252: KVM denial of service with posted interrupts on Intel systems (since Linux 4.4),
Jan H. Schönherr
- [oss-security] Podbeuter podcast fetcher: remote code execution,
Alexander Batischev
- [oss-security] [OSSN-0081] sha512_crypt is insufficient for password hashing,
Luke Hinds
- [oss-security] CVE-2017-14312: Nagios core root privilege escalation via insecure permissions,
Michael Orlitzky
- [oss-security] CVE-2017-14497: Linux kernel: packet: buffer overflow in tpacket_rcv(),
Vladis Dronov
- [oss-security] Optionsbleed bug in Apache HTTPD,
Hanno Böck
- [oss-security] [CVE-2017-14266] tcprewrite Heap-Based Buffer Overflow,
Luciano Bello
[oss-security] CVE-2017-9803: Security vulnerability in kerberos delegation token functionality,
Shalin Shekhar Mangar
[oss-security] [SECURITY] CVE-2017-12615 Apache Tomcat Remote Code Execution via JSP upload,
Mark Thomas
[oss-security] [SECURITY] CVE-2017-12616 Apache Tomcat Information Disclosure,
Mark Thomas
[oss-security] CVE-2017-14609 Kannel privilege escalation via PID file manipulation,
Michael Orlitzky
[oss-security] CVE-2017-14160: libvorbis-1.3.5 bark_noise_hybridmp() integer signedness bug,
连一汉
[oss-security] CVE request: code execution in Horde_Image 2.0.0 to 2.5.1,
Thomas Jarosch
[oss-security] CVE-2017-14681: P3Scan privilege escalation via PID file manipulation,
Michael Orlitzky
[oss-security] bladeenc: global buffer overflow in iteration_loop (loop.c),
Agostino Sarubbo
[oss-security] graphicsmagick: assertion failure in pixel_cache.c,
Agostino Sarubbo
[oss-security] bento4: heap-based buffer overflow in AP4_BitStream::ReadBytes (Ap4BitStream.cpp),
Agostino Sarubbo
[oss-security] bento4: NULL pointer dereference in AP4_Atom::SetType (Ap4Atom.h),
Agostino Sarubbo
[oss-security] bento4: NULL pointer dereference in AP4_AtomSampleTable::GetSample (Ap4AtomSampleTable.cpp),
Agostino Sarubbo
[oss-security] bento4: NULL pointer dereference in AP4_DataAtom::~AP4_DataAtom (Ap4MetaData.cpp),
Agostino Sarubbo
[oss-security] bento4: NULL pointer dereference in AP4_StdcFileByteStream::ReadPartial (Ap4StdCFileByteStream.cpp),
Agostino Sarubbo
[oss-security] bento4: heap-based buffer overflow in AP4_HdlrAtom::AP4_HdlrAtom (Ap4HdlrAtom.cpp),
Agostino Sarubbo
[oss-security] bento4: heap-based buffer overflow in AP4_BytesToUInt32BE (Ap4Utils.h),
Agostino Sarubbo
[oss-security] bento4: heap-based buffer overflow in AP4_DataBuffer::SetData (Ap4DataBuffer.cpp),
Agostino Sarubbo
[oss-security] bento4: stack-based buffer overflow in AP4_VisualSampleEntry::ReadFields (Ap4SampleEntry.cpp),
Agostino Sarubbo
[oss-security] bento4: stack-based buffer underflow in AP4_VisualSampleEntry::ReadFields (Ap4SampleEntry.cpp),
Agostino Sarubbo
[oss-security] CVE-2017-14489: Linux kernel: scsi: nlmsg is not properly parsed in iscsi_if_rx(),
Vladis Dronov
[oss-security] Re: [CVE-2017-14266] tcprewrite Heap-Based Buffer Overflow,
Salvatore Bonaccorso
[oss-security] Why send bugs embargoed to distros?,
Hanno Böck
- Re: [oss-security] Why send bugs embargoed to distros?,
Levente Polyak - Sat Sep 23 13:56:02 GMT 2017
- Re: [oss-security] Why send bugs embargoed to distros?,
Simon McVittie - Sat Sep 23 13:57:27 GMT 2017
- Re: [oss-security] Why send bugs embargoed to distros?,
Marc Deslauriers - Sat Sep 23 15:14:28 GMT 2017
- Re: [oss-security] Why send bugs embargoed to distros?,
Kurt H Maier - Sat Sep 23 16:20:50 GMT 2017
- Re: [oss-security] Why send bugs embargoed to distros?,
Till Dörges - Sat Sep 23 18:50:19 GMT 2017
- Re: [oss-security] Why send bugs embargoed to distros?,
Marcus Meissner - Sat Sep 23 19:23:15 GMT 2017
- Re: [oss-security] Why send bugs embargoed to distros?,
Ludovic Courtès - Sun Sep 24 20:15:08 GMT 2017
- Re: [oss-security] Why send bugs embargoed to distros?,
Igor Seletskiy - Mon Sep 25 02:35:35 GMT 2017
- Re: [oss-security] Why send bugs embargoed to distros?,
John Haxby - Mon Sep 25 08:07:36 GMT 2017
- Re: [oss-security] Why send bugs embargoed to distros?,
Cliff Perry - Mon Sep 25 13:52:13 GMT 2017
[oss-security] Foreman 1.1+ stored XSS in organizations/locations assignment to hosts,
Marek Hulán
[oss-security] wordpress <= 4.8.1 SQLi,
Slavco Mihajloski
[oss-security] Linux kernel CVEs not mentioned on oss-security,
Priedhorsky, Reid
- Re: [oss-security] Linux kernel CVEs not mentioned on oss-security,
Kurt Seifried - Tue Sep 26 01:41:20 GMT 2017
- Re: [oss-security] Linux kernel CVEs not mentioned on oss-security,
Simon McVittie - Tue Sep 26 06:55:56 GMT 2017
- Re: [oss-security] Linux kernel CVEs not mentioned on oss-security,
Moritz Muehlenhoff - Tue Sep 26 07:01:10 GMT 2017
- Re: [oss-security] Linux kernel CVEs not mentioned on oss-security,
Agostino Sarubbo - Tue Sep 26 07:08:20 GMT 2017
- Re: [oss-security] Linux kernel CVEs not mentioned on oss-security,
Greg KH - Tue Sep 26 07:32:14 GMT 2017
- Re: [oss-security] Linux kernel CVEs not mentioned on oss-security,
Nicholas Luedtke - Tue Sep 26 13:23:14 GMT 2017
- Re: [oss-security] Linux kernel CVEs not mentioned on oss-security,
Agostino Sarubbo - Tue Sep 26 14:50:10 GMT 2017
- Re: [oss-security] Linux kernel CVEs not mentioned on oss-security,
Greg KH - Tue Sep 26 15:04:46 GMT 2017
- Re: [oss-security] Linux kernel CVEs not mentioned on oss-security,
Muhammed Mustapha Abiola - Wed Sep 27 09:14:04 GMT 2017
- Re: [oss-security] Linux kernel CVEs not mentioned on oss-security,
Solar Designer - Wed Sep 27 12:51:49 GMT 2017
- Re: [oss-security] Linux kernel CVEs not mentioned on oss-security,
Greg KH - Wed Sep 27 13:04:24 GMT 2017
- Re: [oss-security] Linux kernel CVEs not mentioned on oss-security,
Solar Designer - Wed Sep 27 14:57:13 GMT 2017
- Re: [oss-security] Linux kernel CVEs not mentioned on oss-security,
Greg KH - Thu Sep 28 14:33:13 GMT 2017
- Re: [oss-security] Linux kernel CVEs not mentioned on oss-security,
Salvatore Bonaccorso - Thu Sep 28 07:35:33 GMT 2017
- Re: [oss-security] Linux kernel CVEs not mentioned on oss-security,
Greg KH - Thu Sep 28 14:34:20 GMT 2017
- Re: [oss-security] Linux kernel CVEs not mentioned on oss-security,
Brad Spengler - Thu Sep 28 21:37:21 GMT 2017
- Re: [oss-security] Linux kernel CVEs not mentioned on oss-security,
Bob Friesenhahn - Tue Sep 26 17:31:38 GMT 2017
- Re: [oss-security] Linux kernel CVEs not mentioned on oss-security,
Solar Designer - Wed Sep 27 15:09:18 GMT 2017
[oss-security] CVE-2017-12154 Kernel: kvm: nVMX: L2 guest could access hardware(L0) CR8 register,
P J P
[oss-security] binutils: heap-based buffer overflow in _bfd_x86_elf_get_synthetic_symtab (elfxx-x86.c),
Agostino Sarubbo
[oss-security] Advisory: Git cvsserver OS Command Injection,
joernchen
[oss-security] ImageMagick : CVE-2017-14741 : Infinite loop in ReadCAPTIONImage,
NOIRFATE
[oss-security] CVE-2017-9790: Libprocess might crash when decoding an HTTP request with absent path.,
Alex R
[oss-security] CVE-2017-7687: Libprocess might crash when decoding a malformed request.,
Alex R
[oss-security] Qualys Security Advisory - Linux PIE/stack corruption (CVE-2017-1000253),
Qualys Security Advisory
[oss-security] [SECURITY] CVE-2017-12621 Apache Commons Jelly connects to URL with custom doctype definitions.,
Rob Tompkins
[oss-security] Vulnerability in Wordpress Plugin backwpup v3.4.1 possible brute forcing of backup file download,
Larry W. Cashdollar
Re: [oss-security] CVE-2017-9772: OCaml release 4.04.2,
Emilio Pozuelo Monfort
[oss-security] OpenVPN CVE-2017-12166: remote buffer overflow,
Guido Vranken
[oss-security] Joomla extension Easy Joomla Backup v3.2.4 database backup exposure,
Larry W. Cashdollar
[oss-security] Xen Security Advisory 245 - ARM: Some memory not scrubbed at boot,
Xen . org security team
[oss-security] Stored XSS vulnerability in Tine 2.0 Community Edition <= 2017.08.3,
chbi
[oss-security] Stored XSS vulnerability in eGroupware Community Edition <= 16.1.20170703,
chbi
[oss-security] The Internet Bug Bounty: Data Processing (hackerone.com),
Henri Salo
[oss-security] CSRF vulnerability in Tiki <= 17.0, 16.2, 15.4 LTS and 12.11 LTS,
chbi
[oss-security] [CVE-2017-11321] UCOPIA Wireless Appliance < 5.1.8 Restricted Shell Escape,
Sysdream Labs
[oss-security] [CVE-2017-11322] UCOPIA Wireless Appliance < 5.1.8 Privileges Escalation,
Sysdream Labs
[oss-security] clamav: Out of bounds read and segfault in xar parser,
Hanno Böck
[oss-security] [CVE-2017-6089] PhpCollab 2.5.1 Multiple SQL Injections (unauthenticated),
Sysdream Labs
[oss-security] [CVE-2017-6090] PhpCollab 2.5.1 Arbitrary File Upload (unauthenticated),
Sysdream Labs
[oss-security] [SECURITY] CVE-2017-9794 Apache Geode gfsh query vulnerability,
Anthony Baker
[oss-security] [SECURITY] CVE-2017-9797 Apache Geode client/server authentication vulnerability,
Anthony Baker
[oss-security] binutils: memory allocation failure in _bfd_elf_slurp_version_tables (elf.c),
Agostino Sarubbo
[oss-security] binutils: heap-based buffer overflow in read_1_byte (dwarf2.c),
Agostino Sarubbo
[oss-security] binutils: NULL pointer dereference in scan_unit_for_symbols (dwarf2.c),
Agostino Sarubbo
Mail converted by MHonArc