Red Hat Security Advisory 2014-1824-01 – PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. A buffer overflow flaw was found in the Exif extension. A specially crafted JPEG or TIFF file could cause a PHP application using the exif_thumbnail() function to crash or, possibly, execute arbitrary code with the privileges of the user running that PHP application. A stack-based buffer overflow flaw was found in the way the xmlrpc extension parsed dates in the ISO 8601 format. A specially crafted XML-RPC request or response could possibly cause a PHP application to crash.
Monthly Archives: November 2014
GLSA 201411-01 (Normal): vlc
VLC: Multiple vulnerabilities
GLSA 201411-02 (Normal): mysql (and 1
MySQL, MariaDB: Multiple vulnerabilities
GLSA 201411-03 (Normal): tigervnc
TigerVNC: User-assisted execution of arbitrary code
DSA-3070 kfreebsd-9 – security update
Several vulnerabilities have been discovered in the FreeBSD kernel that
may lead to a denial of service or information disclosure.
DSA-3069 curl – security update
Symeon Paraschoudis discovered that the curl_easy_duphandle() function
in cURL, a URL transfer library, has a bug that can lead to libcurl
eventually sending off sensitive data that was not intended for sending,
while performing an HTTP POST operation.
Vuln: FreeBSD CVE-2014-3952 Local Information Disclosure Vulnerability
Vuln: FreeBSD namei CVE-2014-3711 Remote Denial of Service Vulnerability
Vuln: cURL/libcURL CVE-2014-0138 Remote Security Bypass Vulnerability
Vuln: cURL/libcURL CVE-2014-0139 SSL Certificate Validation Security Bypass Vulnerability