Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable memory corruption vulnerability in the image conversion module related to JPEG parsing. Successful exploitation could lead to arbitrary code execution.
Monthly Archives: January 2017
CVE-2017-5495
All versions of Quagga, 0.93 through 1.1.0, are vulnerable to an unbounded memory allocation in the telnet ‘vty’ CLI, leading to a Denial-of-Service of Quagga daemons, or even the entire host. When Quagga daemons are configured with their telnet CLI enabled, anyone who can connect to the TCP ports can trigger this vulnerability, prior to authentication. Most distributions restrict the Quagga telnet interface to local access only by default. The Quagga telnet interface ‘vty’ input buffer grows automatically, without bound, so long as a newline is not entered. This allows an attacker to cause the Quagga daemon to allocate unbounded memory by sending very long strings without a newline. Eventually the daemon is terminated by the system, or the system itself runs out of memory. This is fixed in Quagga 1.1.1 and Free Range Routing (FRR) Protocol Suite 2017-01-10.
phpMyAdmin-4.6.6-1.fc25
Welcome to **phpMyAdmin 4.6.6**, a release containing security and bug fixes.
This release includes many security fixes of various levels of severity. We recommend all users upgrade to this release immediately. For full information on the vulnerabilities fixed and mitigation factors for users who are unable to upgrade, refer to the ChangeLog file included with this release and the security announcements at https://www.phpmyadmin.net/security/
There have been changes in behavior from the previous version:
* Changed the suggested text in the query window for delete queries to avoid accidental data loss
* Re-introduce a page which shows the output of phpinfo()
Aside from the changes and security improvements, many bugs have been fixed including:
* Parsing of SQL queries with the BINARY function
* Syntax error when adding or changing TIMESTAMP columns with default value as NULL
* Broken “Edit” and “Export” links in the Routines tab
* Creating a new user on older MariaDB servers
* Format button in the SQL tab broken
* Fixes for PHP 7.1
* Problems with MySQL servers running with `lower_case_names=2`
* Fixes for several PHP notices/warnings being shown
And many more. Please see the ChangeLog for full details of the bug fixes.
phpMyAdmin-4.6.6-1.fc24
Apple issues security patches for … just about everything
If you have a piece of Apple technology in your house or office, chances are that it’s time you updated it.
The post Apple issues security patches for … just about everything appeared first on WeLiveSecurity
Wireshark Analyzer 2.2.4
Wireshark is a GTK+-based network protocol analyzer that lets you capture and interactively browse the contents of network frames. The goal of the project is to create a commercial-quality analyzer for Unix and Win32 and to give Wireshark features that are missing from closed-source sniffers.
TOR Virtual Network Tunneling Tool 0.2.9.9
Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. It also enables software developers to create new communication tools with built-in privacy features. It provides the foundation for a range of applications that allow organizations and individuals to share information over public networks without compromising their privacy. Individuals can use it to keep remote websites from tracking them and their family members. They can also use it to connect to resources such as news sites or instant messaging services that are blocked by their local Internet service providers (ISPs).
Firefox nsSMILTimeContainer::NotifyTimeChange() Remote Code Execution
This Metasploit module exploits an out-of-bounds indexing/use-after-free condition present in nsSMILTimeContainer::NotifyTimeChange() across numerous versions of Mozilla Firefox on Microsoft Windows.
Ubuntu Security Notice USN-3176-1
Ubuntu Security Notice 3176-1 – Peter Wu discovered that the PC/SC service did not correctly handle certain resources. A local attacker could use this issue to cause PC/SC to crash, resulting in a denial of service, or possibly execute arbitrary code with root privileges.
Gentoo Linux Security Advisory 201701-57
Gentoo Linux Security Advisory 201701-57 – Multiple vulnerabilities have been discovered in T1Lib, the worst of which could lead to remote execution of arbitrary code. Versions less than 5.1.2-r1 are affected.