Monthly Archive: May 2016

Integer overflow in imlib2 before 1.4.9 on 32-bit platforms allows remote attackers to execute arbitrary code via large dimensions in an image, which triggers an out-of-bounds heap memory write operation. Date published : 2016-05-13...

The GIF loader in imlib2 before 1.4.9 allows remote attackers to cause a denial of service (application crash) or obtain sensitive information via a crafted image, which triggers an out-of-bounds read. Date published :...

Off-by-one error in the __imlib_MergeUpdate function in lib/updates.c in imlib2 before 1.4.9 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via crafted coordinates. Date published : 2016-05-13 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=819818...

The newEntry function in ptserver/ptprocs.c in OpenAFS before 1.6.17 allows remote authenticated users from foreign Kerberos realms to bypass intended access restrictions and create arbitrary groups as administrators by leveraging mishandling of the creator...

Botan 1.11.x before 1.11.29 does not enforce TLS policy for (1) signature algorithms and (2) ECC curves, which allows remote attackers to conduct downgrade attacks via unspecified vectors. Date published : 2016-05-13 http://botan.randombit.net/security.html http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183669.html

Botan before 1.10.13 and 1.11.x before 1.11.29 do not use a constant-time algorithm to perform a modular inverse on the signature nonce k, which might allow remote attackers to obtain ECDSA secret keys via...

Heap-based buffer overflow in the P-521 reduction function in Botan 1.11.x before 1.11.27 allows remote attackers to cause a denial of service (memory overwrite and crash) or execute arbitrary code via unspecified vectors. Date...

Integer overflow in the PointGFp constructor in Botan before 1.10.11 and 1.11.x before 1.11.27 allows remote attackers to overwrite memory and possibly execute arbitrary code via a crafted ECC point, which triggers a heap-based...

The ressol function in Botan before 1.10.11 and 1.11.x before 1.11.27 allows remote attackers to cause a denial of service (infinite loop) via unspecified input to the OS2ECP function, related to a composite modulus....

Use-after-free vulnerability in validators/DTD/DTDScanner.cpp in Apache Xerces C++ 3.1.3 and earlier allows context-dependent attackers to have unspecified impact via an invalid character in an XML document. Date published : 2016-05-13 http://www.securityfocus.com/bid/90502 http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html

The setup_snappy_os_mounts function in the ubuntu-core-launcher package before 1.0.27.1 improperly determines the mount point of bind mounts when using snaps, which might allow remote attackers to obtain sensitive information or gain privileges via a...

Use-after-free vulnerability in Oxide allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via unspecified vectors, related to responding synchronously to permission requests. Date published : 2016-05-13 http://www.ubuntu.com/usn/USN-2955-1

The packet-processing microcode in Cisco IOS 15.2(2)EA, 15.2(2)EA1, 15.2(2)EA2, and 15.2(4)EA on Industrial Ethernet 4000 devices and 15.2(2)EB and 15.2(2)EB1 on Industrial Ethernet 5000 devices allows remote attackers to cause a denial of service...

Heap-based buffer overflow in Panasonic FPWIN Pro 5.x through 7.x before 7.130 allows local users to cause a denial of service (application crash) via unspecified vectors. Date published : 2016-05-11 http://www.securityfocus.com/bid/90522 http://zerodayinitiative.com/advisories/ZDI-16-330/