CESA-2016:0685 Moderate CentOS 7 nss Security Update

CentOS Errata and Security Advisory 2016:0685 Moderate

Upstream details at: https://rhn.redhat.com/errata/RHSA-2016-0685.html

The following updated files have been uploaded and are currently 
syncing to the mirrors: ( sha256sum Filename ) 

x86_64:
acc0e05d8f247791db76ab9b21359abc7908c1ab9ead506964b52955287fe25b  nss-3.21.0-9.el7_2.i686.rpm
33e2a1aa657f809c53449627200616b683de444300a5b2c2a79510e3e5912b00  nss-3.21.0-9.el7_2.x86_64.rpm
bce90a8604496832d35d0cfefa05a552f9f3e1d866d5f6dfb0c1763d5ad34009  nss-devel-3.21.0-9.el7_2.i686.rpm
ab4370a426efcdbf15bc1730f3a077150a597edb103ebbabaceb39d84f0fb96c  nss-devel-3.21.0-9.el7_2.x86_64.rpm
87f7e4956ae9aeff3821b2b28b9f3500b94b0037d9280b10149833b3e4a65902  nss-pkcs11-devel-3.21.0-9.el7_2.i686.rpm
e1ac83844836b6605c439bb5fa70be50163b9154d27ffcb45fc01c183fdc9c29  nss-pkcs11-devel-3.21.0-9.el7_2.x86_64.rpm
2a0881f7703e23a95aa8db53858285793eb30ceb198a7a20fa816c60e472a15d  nss-sysinit-3.21.0-9.el7_2.x86_64.rpm
abb98d8a2a2737ab4031c145c1503cf31bb3b2b54983547e2675b0b08805eaf6  nss-tools-3.21.0-9.el7_2.x86_64.rpm

Source:
7b8295c752cbd420b5ae52a8b4aa8fa9b6979c57f9caa8279c14e3865ce62883  nss-3.21.0-9.el7_2.src.rpm



CVE-2015-8852

Varnish 3.x before 3.0.7, when used in certain stacked installations, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a header line terminated by a \r (carriage return) character in conjunction with multiple Content-Length headers in an HTTP request.

CVE-2016-4051

Buffer overflow in cachemgr.cgi in Squid 2.x, 3.x before 3.5.17, and 4.x before 4.0.9 might allow remote attackers to cause a denial of service or execute arbitrary code by seeding manager reports with crafted data.

CVE-2016-4052

Multiple stack-based buffer overflows in Squid 3.x before 3.5.17 and 4.x before 4.0.9 allow remote HTTP servers to cause a denial of service or execute arbitrary code via crafted Edge Side Includes (ESI) responses.

CVE-2016-4053

Squid 3.x before 3.5.17 and 4.x before 4.0.9 allow remote attackers to obtain sensitive stack layout information via crafted Edge Side Includes (ESI) responses, related to incorrect use of assert and compiler optimization.

CVE-2016-4054

Buffer overflow in Squid 3.x before 3.5.17 and 4.x before 4.0.9 allows remote attackers to execute arbitrary code via crafted Edge Side Includes (ESI) responses.