tinc is a Virtual Private Network (VPN) daemon that uses tunneling and encryption to create a secure private network between multiple hosts on the Internet. This tunneling allows VPN sites to share information with each other over the Internet without exposing any information.
Monthly Archives: January 2017
Botan C++ Crypto Algorithms Library 1.10.15
Botan is a C++ library of cryptographic algorithms, including AES, DES, SHA-1, RSA, DSA, Diffie-Hellman, and many others. It also supports X.509 certificates and CRLs, and PKCS #10 certificate requests, and has a high level filter/pipe message processing system. The library is easily portable to most systems and compilers, and includes a substantial tutorial and API reference.
Gentoo Linux Security Advisory 201701-37
Gentoo Linux Security Advisory 201701-37 – Multiple vulnerabilities have been found in libxml2, the worst of which could lead to the execution of arbitrary code. Versions less than 2.9.4-r1 are affected.
Apache NiFi 1.0.0 / 1.1.0 Cross Site Scripting
Apache NiFi versions 1.0.0 and 1.1.0 suffer from a cross site scripting vulnerability.
Tenda ADSL2/2+ Modem D840R DNS Changer
Tenda ADSL2/2+ Modem D840R unauthenticated remote DNS changer exploit.
Pirelli DRG A115 ADSL Router DNS Changer
Pirelli DRG A115 ADSL router unauthenticated remote DNS changer exploit.
Android ssp_batch_ioctl Out-Of-Bounds Write
Android suffers from an out-of-bounds write in ssp_batch_ioctl.
qemu-2.6.2-6.fc24
* CVE-2016-6836: vmxnet: Information leakage in vmxnet3_complete_packet (bz #1366370)
* CVE-2016-7909: pcnet: Infinite loop in pcnet_rdra_addr (bz #1381196)
* CVE-2016-7994: virtio-gpu: memory leak in resource_create_2d (bz #1382667)
* CVE-2016-8577: 9pfs: host memory leakage in v9fs_read (bz #1383286)
* CVE-2016-8578: 9pfs: potential NULL dereference in 9pfs routines (bz #1383292)
* CVE-2016-8668: OOB buffer access in rocker switch emulation (bz #1384898)
* CVE-2016-8669: divide by zero error in serial_update_parameters (bz #1384911)
* CVE-2016-8910: rtl8139: infinite loop while transmit in C+ mode (bz #1388047)
* CVE-2016-8909: intel-hda: infinite loop in dma buffer stream (bz #1388053)
* Infinite loop vulnerability in a9_gtimer_update (bz #1388300)
* CVE-2016-9101: eepro100: memory leakage at device unplug (bz #1389539)
* CVE-2016-9103: 9pfs: information leakage via xattr (bz #1389643)
* CVE-2016-9102: 9pfs: memory leakage when creating extended attribute (bz #1389551)
* CVE-2016-9104: 9pfs: integer overflow leading to OOB access (bz #1389687)
* CVE-2016-9105: 9pfs: memory leakage in v9fs_link (bz #1389704)
* CVE-2016-9106: 9pfs: memory leakage in v9fs_write (bz #1389713)
* CVE-2016-9381: xen: incautious about shared ring processing (bz #1397385)
* CVE-2016-9921: Divide by zero vulnerability in cirrus_do_copy (bz #1399054)
* CVE-2016-9776: infinite loop while receiving data in mcf_fec_receive (bz #1400830)
* CVE-2016-9845: information leakage in virgl_cmd_get_capset_info (bz #1402247)
* CVE-2016-9846: virtio-gpu: memory leakage while updating cursor data (bz #1402258)
* CVE-2016-9907: usbredir: memory leakage when destroying redirector (bz #1402266)
* CVE-2016-9911: usb: ehci: memory leakage in ehci_init_transfer (bz #1402273)
* CVE-2016-9913: 9pfs: memory leakage via proxy/handle callbacks (bz #1402277)
* CVE-2016-10028: virtio-gpu-3d: OOB access while reading virgl capabilities (bz #1406368)
* CVE-2016-9908: virtio-gpu: information leakage in virgl_cmd_get_capset (bz #1402263)
* CVE-2016-9912: virtio-gpu: memory leakage when destroying gpu resource (bz #1402285)
Vuln: QEMU 'hw/net/pcnet.c' Remote Buffer Overflow Vulnerability
Vuln: QEMU 'fw_cfg_write()' Function Remote Code Execution Vulnerability