Ruby: Denial of Service
Monthly Archives: December 2014
GLSA 201412-28: Ruby on Rails: Multiple vulnerabilities
MDVSA-2014:238: bind
Updated bind packages fix security vulnerability:
By making use of maliciously-constructed zones or a rogue server,
an attacker can exploit an oversight in the code BIND 9 uses to
follow delegations in the Domain Name Service, causing BIND to issue
unlimited queries in an attempt to follow the delegation. This can
lead to resource exhaustion and denial of service (up to and including
termination of the named server process) (CVE-2014-8500).
Vuln: c-icap Server CVE-2013-7402 Multiple Denial of Service Vulnerabilities
Vuln: c-icap Server 'request.c' Remote Buffer Overflow Vulnerability
Vuln: MediaWiki Cross Site Scripting and PHP Code Injection Vulnerabilities
Fedora 20 Security Update: libhtp-0.5.6-2.fc20
Fedora 21 Security Update: libhtp-0.5.16-1.fc21
Resolved Bugs
1173605 – libhtp: denial of service with specific packets
1173608 – libhtp: denial of service with specific packets [fedora-all]
### 0.5.16 (11 December 2014)
* Per personality requestline leading whitespace handling [Victor Julien]
* Improve request line parsing with leading spaces [Victor Julien]
* Harden decompress code against memory stress [Victor Julien]
Fedora 21 Security Update: rpm-4.12.0.1-4.fc21
Resolved Bugs
1172125 – CVE-2014-8118 CVE-2013-6435 rpm: various flaws [fedora-all]
1039811 – CVE-2013-6435 rpm: race condition during the installation process
1168715 – CVE-2014-8118 rpm: integer overflow and stack overflow in CPIO header parsing
– Add check against malicious CPIO file name size
– Fix race condition where unchecked data is exposed in the file system