Ubuntu Security Notice 3097-2 – Marco Grassi discovered that a use-after-free condition could occur in the TCP retransmit queue handling code in the Linux kernel. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Pengfei Wang discovered a race condition in the audit subsystem in the Linux kernel. A local attacker could use this to corrupt audit logs or disrupt system-call auditing. Various other issues were also addressed.
Monthly Archives: October 2016
HP Security Bulletin HPSBNS03661 1
HP Security Bulletin HPSBNS03661 1 – A security vulnerability in OpenSSL was addressed by NonStop Backbox. The vulnerability could be exploited resulting in remote disclosure of information. Revision 1 of this advisory.
Google Splats 21 Bugs In Chrome 54 Patch Run
You've Been Hacked. What Are You Liable For?
Apple Already Has The Tech To ID You Using Your Veins
Royal Navy Tests The Future Skynet That Will Kill Us All
One does not simply return the Note 7 …

There is a Samsung Explosion-Proof return kit for the Note 7. Not kidding!
The post One does not simply return the Note 7 … appeared first on Avira Blog.
php-5.6.27-1.fc23
13 Oct 2016 – **PHP version 5.6.27**
**Core:**
* Fixed bug php#73025 (Heap Buffer Overflow in virtual_popen of zend_virtual_cwd.c). (cmb)
* Fixed bug php#73058 (crypt broken when salt is ‘too’ long). (Anatol)
* Fixed bug php#72703 (Out of bounds global memory read in BF_crypt triggered by password_verify). (Anatol)
* Fixed bug php#73189 (Memcpy negative size parameter php_resolve_path). (Stas)
* Fixed bug php#73147 (Use After Free in unserialize()). (Stas)
**BCmath:**
* Fixed bug php#73190 (memcpy negative parameter _bc_new_num_ex). (Stas)
**DOM:**
* Fixed bug php#73150 (missing NULL check in dom_document_save_html). (Stas)
**Ereg:**
* Fixed bug php#73284 (heap overflow in php_ereg_replace function). (Stas)
**Filter:**
* Fixed bug php#72972 (Bad filter for the flags FILTER_FLAG_NO_RES_RANGE and FILTER_FLAG_NO_PRIV_RANGE). (julien)
* Fixed bug php#67167 (Wrong return value from FILTER_VALIDATE_BOOLEAN, FILTER_NULL_ON_FAILURE). (levim, cmb)
* Fixed bug php#73054 (default option ignored when object passed to int filter). (cmb)
**GD:**
* Fixed bug php#67325 (imagetruecolortopalette: white is duplicated in palette). (cmb)
* Fixed bug php#50194 (imagettftext broken on transparent background w/o alphablending). (cmb)
* Fixed bug php#73003 (Integer Overflow in gdImageWebpCtx of gd_webp.c). (trylab, cmb)
* Fixed bug php#53504 (imagettfbbox gives incorrect values for bounding box). (Mark Plomer, cmb)
* Fixed bug php#73157 (imagegd2() ignores 3rd param if 4 are given). (cmb)
* Fixed bug php#73155 (imagegd2() writes wrong chunk sizes on boundaries). (cmb)
* Fixed bug php#73159 (imagegd2(): unrecognized formats may result in corrupted files). (cmb)
* Fixed bug php#73161 (imagecreatefromgd2() may leak memory). (cmb)
**Intl:**
* Fixed bug php#73218 (add mitigation for ICU int overflow). (Stas)
**Imap:**
* Fixed bug php#73208 (integer overflow in imap_8bit caused heap corruption). (Stas)
**Mbstring:**
* Fixed bug php#72994 (mbc_to_code() out of bounds read). (Laruence, cmb)
* Fixed bug php#66964 (mb_convert_variables() cannot detect recursion). (Yasuo)
* Fixed bug php#72992 (mbstring.internal_encoding doesn’t inherit default_charset). (Yasuo)
* Fixed bug php#73082 (string length overflow in mb_encode_* function). (Stas)
**PCRE:**
* Fixed bug php#73174 (heap overflow in php_pcre_replace_impl). (Stas)
**Opcache:**
* Fixed bug php#72590 (Opcache restart with kill_all_lockers does not work). (Keyur) (julien backport)
**OpenSSL:**
* Fixed bug php#73072 (Invalid path SNI_server_certs causes segfault). (Jakub Zelenka)
* Fixed bug php#73275 (crash in openssl_encrypt function). (Stas)
* Fixed bug php#73276 (crash in openssl_random_pseudo_bytes function). (Stas)
**Session:**
* Fixed bug php#68015 (Session does not report invalid uid for files save handler). (Yasuo)
* Fixed bug php#73100 (session_destroy null dereference in ps_files_path_create). (cmb)
**SimpleXML:**
* Fixed bug php#73293 (NULL pointer dereference in SimpleXMLElement::asXML()). (Stas)
**SPL:**
* Fixed bug php#73073 (CachingIterator null dereference when convert to string). (Stas)
**Standard:**
* Fixed bug php#73240 (Write out of bounds at number_format). (Stas)
* Fixed bug php#73017 (memory corruption in wordwrap function). (Stas)
**Stream:**
* Fixed bug php#73069 (readfile() mangles files larger than 2G). (Laruence)
php-5.6.27-1.fc24
13 Oct 2016 – **PHP version 5.6.27**
**Core:**
* Fixed bug php#73025 (Heap Buffer Overflow in virtual_popen of zend_virtual_cwd.c). (cmb)
* Fixed bug php#73058 (crypt broken when salt is ‘too’ long). (Anatol)
* Fixed bug php#72703 (Out of bounds global memory read in BF_crypt triggered by password_verify). (Anatol)
* Fixed bug php#73189 (Memcpy negative size parameter php_resolve_path). (Stas)
* Fixed bug php#73147 (Use After Free in unserialize()). (Stas)
**BCmath:**
* Fixed bug php#73190 (memcpy negative parameter _bc_new_num_ex). (Stas)
**DOM:**
* Fixed bug php#73150 (missing NULL check in dom_document_save_html). (Stas)
**Ereg:**
* Fixed bug php#73284 (heap overflow in php_ereg_replace function). (Stas)
**Filter:**
* Fixed bug php#72972 (Bad filter for the flags FILTER_FLAG_NO_RES_RANGE and FILTER_FLAG_NO_PRIV_RANGE). (julien)
* Fixed bug php#67167 (Wrong return value from FILTER_VALIDATE_BOOLEAN, FILTER_NULL_ON_FAILURE). (levim, cmb)
* Fixed bug php#73054 (default option ignored when object passed to int filter). (cmb)
**GD:**
* Fixed bug php#67325 (imagetruecolortopalette: white is duplicated in palette). (cmb)
* Fixed bug php#50194 (imagettftext broken on transparent background w/o alphablending). (cmb)
* Fixed bug php#73003 (Integer Overflow in gdImageWebpCtx of gd_webp.c). (trylab, cmb)
* Fixed bug php#53504 (imagettfbbox gives incorrect values for bounding box). (Mark Plomer, cmb)
* Fixed bug php#73157 (imagegd2() ignores 3rd param if 4 are given). (cmb)
* Fixed bug php#73155 (imagegd2() writes wrong chunk sizes on boundaries). (cmb)
* Fixed bug php#73159 (imagegd2(): unrecognized formats may result in corrupted files). (cmb)
* Fixed bug php#73161 (imagecreatefromgd2() may leak memory). (cmb)
**Intl:**
* Fixed bug php#73218 (add mitigation for ICU int overflow). (Stas)
**Imap:**
* Fixed bug php#73208 (integer overflow in imap_8bit caused heap corruption). (Stas)
**Mbstring:**
* Fixed bug php#72994 (mbc_to_code() out of bounds read). (Laruence, cmb)
* Fixed bug php#66964 (mb_convert_variables() cannot detect recursion). (Yasuo)
* Fixed bug php#72992 (mbstring.internal_encoding doesn’t inherit default_charset). (Yasuo)
* Fixed bug php#73082 (string length overflow in mb_encode_* function). (Stas)
**PCRE:**
* Fixed bug php#73174 (heap overflow in php_pcre_replace_impl). (Stas)
**Opcache:**
* Fixed bug php#72590 (Opcache restart with kill_all_lockers does not work). (Keyur) (julien backport)
**OpenSSL:**
* Fixed bug php#73072 (Invalid path SNI_server_certs causes segfault). (Jakub Zelenka)
* Fixed bug php#73275 (crash in openssl_encrypt function). (Stas)
* Fixed bug php#73276 (crash in openssl_random_pseudo_bytes function). (Stas)
**Session:**
* Fixed bug php#68015 (Session does not report invalid uid for files save handler). (Yasuo)
* Fixed bug php#73100 (session_destroy null dereference in ps_files_path_create). (cmb)
**SimpleXML:**
* Fixed bug php#73293 (NULL pointer dereference in SimpleXMLElement::asXML()). (Stas)
**SPL:**
* Fixed bug php#73073 (CachingIterator null dereference when convert to string). (Stas)
**Standard:**
* Fixed bug php#73240 (Write out of bounds at number_format). (Stas)
* Fixed bug php#73017 (memory corruption in wordwrap function). (Stas)
**Stream:**
* Fixed bug php#73069 (readfile() mangles files larger than 2G). (Laruence)
Information security: A career at the forefront of an exciting industry
Demand for information security specialists is growing, and there are many routes to qualification. Do you have the skills to transform cybersecurity?
The post Information security: A career at the forefront of an exciting industry appeared first on WeLiveSecurity.