Monthly Archives: April 2015

NVD

CVE-2015-1662 (internet_explorer)

Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka “Internet Explorer Memory Corruption Vulnerability,” a different vulnerability than CVE-2015-1659 and CVE-2015-1665.

NVD

CVE-2015-1665 (internet_explorer)

Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka “Internet Explorer Memory Corruption Vulnerability,” a different vulnerability than CVE-2015-1659 and CVE-2015-1662.

NVD

CVE-2015-1666 (internet_explorer)

Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka “Internet Explorer Memory Corruption Vulnerability,” a different vulnerability than CVE-2015-1652.

Fedora

Fedora EPEL 7 Security Update: qt5-qtbase-5.4.1-9.el7

Resolved Bugs
1210675 – Invalid bug number
1210673 – Invalid bug number
1210674 – Invalid bug number<br
Multiple vulnerabilities were found in Qt image format handling of BMP, ICO and GIF files. The issues exposed included denial of service and buffer overflows leading to heap corruption. It is possible the latter could be used to perform remote code execution.
See also http://lists.qt-project.org/pipermail/announce/2015-April/000067.html

Full Disclosure

Problems in automatic crash analysis frameworks

Posted by Tavis Ormandy on Apr 14

Hello, this is CVE-2015-1318 and CVE-2015-1862 (essentially the same bugs in
two different implementations, apport and abrt respectively). These were
discussed on the vendors list last week.

If the first character of kern.core_pattern sysctl is a pipe, the kernel
will invoke the specified program, and pass it the core on stdin. Apport
(Ubuntu) and Abrt (Fedora) use this feature to analyze and log crashes.

Since the introduction of containers,…