CentOS Errata and Security Advisory 2016:0063 Important Upstream details at : https://rhn.redhat.com/errata/RHSA-2016-0063.html The following updated files have been uploaded and are currently syncing to the mirrors: ( sha256sum Filename ) i386: b172e4c9936ba6db7e7df9a611f2ba305b0682bb0545c03ba23bc501ae7833f8 ntp-4.2.6p5-5.el6.centos.4.i686.rpm 0cbe654866db67e07ba4dbea484f6eea8136a0a23e5123dfebf1ac097162dfb4 ntpdate-4.2.6p5-5.el6.centos.4.i686.rpm 9a0cbc08c20ee5b43fd8518a2ccd0a13a274b0464a688fef4cc10b940c848993 ntp-doc-4.2.6p5-5.el6.centos.4.noarch.rpm 4fdf6a42d2a1178394d328832e70284d631a0b14535af97ffa94d659b545d4b8 ntp-perl-4.2.6p5-5.el6.centos.4.i686.rpm x86_64: c9bcbc789b84223a297f54197d407520f56d0d4d4775787dd0f746426d2e8866 ntp-4.2.6p5-5.el6.centos.4.x86_64.rpm 07fcdccf4e98b884fc6e99bf568fb037547d7340083ba913d598d0b53cc162d7 ntpdate-4.2.6p5-5.el6.centos.4.x86_64.rpm 9a0cbc08c20ee5b43fd8518a2ccd0a13a274b0464a688fef4cc10b940c848993 ntp-doc-4.2.6p5-5.el6.centos.4.noarch.rpm c2069c233875863df714450ba095380586746768fab379e7fe737c915e27721f ntp-perl-4.2.6p5-5.el6.centos.4.x86_64.rpm Source: 7a3f04e3f4c7402309a5a7cbf9a7997778298cd1dbac24efd2ca98b9d75eacec ntp-4.2.6p5-5.el6.centos.4.src.rpm
Monthly Archives: January 2016
Linux Kernel prima WLAN Driver Heap Overflow
The Linux prima WLAN driver suffers from a heap overflow vulnerability.
WordPress Appointment Booking Calendar 1.1.23 SQL Injection
WordPress Appointment Booking Calendar plugin versions 1.1.23 and below suffer from a remote SQL injection vulnerability.
Linux x86_64 xor/not/div Encoded execve Shellcode
Linux x86_64 xor/not/div encoded execve shellcode.
CVE-2016-1612 (chrome)
The LoadIC::UpdateCaches function in ic/ic.cc in Google V8, as used in Google Chrome before 48.0.2564.82, does not ensure receiver compatibility before performing a cast of an unspecified variable, which allows remote attackers to cause a denial of service or possibly have unknown other impact via crafted JavaScript code.
CVE-2016-1613 (chrome)
Multiple use-after-free vulnerabilities in the formfiller implementation in PDFium, as used in Google Chrome before 48.0.2564.82, allow remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted PDF document, related to improper tracking of the destruction of (1) IPWL_FocusHandler and (2) IPWL_Provider objects.
CVE-2016-1614 (chrome)
The UnacceleratedImageBufferSurface class in WebKit/Source/platform/graphics/UnacceleratedImageBufferSurface.cpp in Blink, as used in Google Chrome before 48.0.2564.82, mishandles the initialization mode, which allows remote attackers to obtain sensitive information from process memory via a crafted web site.
CVE-2016-1615 (chrome)
The Omnibox implementation in Google Chrome before 48.0.2564.82 allows remote attackers to spoof a document’s origin via unspecified vectors.
CVE-2016-1616 (chrome)
The CustomButton::AcceleratorPressed function in ui/views/controls/button/custom_button.cc in Google Chrome before 48.0.2564.82 allows remote attackers to spoof URLs via vectors involving an unfocused custom button.
CVE-2016-1617 (chrome)
The CSPSource::schemeMatches function in WebKit/Source/core/frame/csp/CSPSource.cpp in the Content Security Policy (CSP) implementation in Blink, as used in Google Chrome before 48.0.2564.82, does not apply http policies to https URLs and does not apply ws policies to wss URLs, which makes it easier for remote attackers to determine whether a specific HSTS web site has been visited by reading a CSP report.