Mandriva Linux Security Advisory 2015-027 – Multiple vulnerabilities has been found and corrected in the Linux kernel. The SCTP implementation in the Linux kernel before 3.17.4 allows remote attackers to cause a denial of service by triggering a large number of chunks in an association’s output queue, as demonstrated by ASCONF probes, related to net/sctp/inqueue.c and net/sctp/sm_statefuns.c. Various other issues have also been addressed. The updated packages provides a solution for these security issues.

NVD

CVE-2014-9602

January 16, 2015 007admin

libavcodec/xface.h in FFmpeg before 2.5.2 establishes certain digits and words array dimensions that do not satisfy a required mathematical relationship, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted X-Face image data.

NVD

CVE-2014-9603

January 16, 2015 007admin

The vmd_decode function in libavcodec/vmdvideo.c in FFmpeg before 2.5.2 does not validate the relationship between a certain length value and the frame width, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted Sierra VMD video data.

NVD

CVE-2014-9604

January 16, 2015 007admin

libavcodec/utvideodec.c in FFmpeg before 2.5.2 does not check for a zero value of a slice height, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted Ut Video data, related to the (1) restore_median and (2) restore_median_il functions.

007 Software

Monthly Archives: January 2015

VeryPhoto 3.0 Command Injection

Sim Editor 6.6 Buffer Overflow

Facebook Mobile Parameter Tampering Bypass

CatBot 0.4.2 SQL Injection

Pandora FMS 5.1 SP1 Cross Site Scripting

Debian Security Advisory 3129-1

Mandriva Linux Security Advisory 2015-027

CVE-2014-9602

CVE-2014-9603

CVE-2014-9604

Software and Security Information