A vulnerability was discovered and corrected in bind: BIND 9 nameservers using the DNS64 IPv6 transition mechanism are vulnerable to a software defect that allows a crafted query to crash the server with a REQUIRE assertion failure. Remote exploitation of this defect can be achieved without extensive effort, resulting in a denial-of-service vector against affected servers. The updated packages h ...
A vulnerability was found and corrected in libtiff: A stack-based buffer overflow was found in the way libtiff handled DOTRANGE tags. An attacker could use this flaw to create a specially-crafted TIFF file that, when opened, would cause an application linked against libtiff to crash or, possibly, execute arbitrary code. The updated packages have been patched to correct this issue.
A vulnerability has been found and corrected in gnupg: Versions of GnuPG <= 1.4.12 are vulnerable to memory access violations and public keyring database corruption when importing public keys that have been manipulated. An OpenPGP key can be fuzzed in such a way that gpg segfaults when importing the key. The updated packages have been patched to correct this issue.
Multiple vulnerabilities have been found and corrected in samba: The Samba Web Administration Tool in Samba 3.x before 3.5.21, 3.6.x before 3.6.12, and 4.x before 4.0.2 allows remote attackers to conduct clickjacking attacks via a FRAME or IFRAME element. Cross-site request forgery vulnerability in the Samba Web Administration Tool in Samba 3.x before 3.5.21, 3.6.x before 3.6.12, and 4.x bef ...
Multiple vulnerabilities have been found and corrected in squid: Multiple memory leaks in tools/cachemgr.cc in cachemgr.cgi in Squid 2.x and 3.x before 3.1.22, 3.2.x before 3.2.4, and 3.3.x before 3.3.0.2 allow remote attackers to cause a denial of service via invalid Content-Length headers, long POST requests, or crafted authentication credentials. cachemgr.cgi in Squid 3.1.x and 3.2.x, poss ...
Multiple vulnerabilities have been discovered and corrected in php: PHP does not validate the configuration directive soap.wsdl_cache_dir before writing SOAP wsdl cache files to the filesystem. Thus an attacker is able to write remote wsdl files to arbitrary locations. PHP allows the use of external entities while parsing SOAP wsdl files which allows an attacker to read arbitrary files. If a web ap ...
The host is missing a high-severity security update according to a Google advisory. The update is required to fix an arbitrary code execution vulnerability. A flaw is present in the application, which fails to handle a document with an SVGPathList data structure containing a negative index in the SVGTransformList, SVGStringList, SVGNumberList, SVGPathSegList, SVGPointList or SVGLengthList SVGList obj ...