Red Hat Security Advisory 2017-0892-01 – The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: A race condition flaw was found in the N_HLDC Linux kernel driver when accessing n_hdlc.tbuf list that can lead to double free. A local, unprivileged user able to set the HDLC line discipline on the tty device could use this flaw to increase their privileges on the system.
Category Archives: Security
Security
Ubuntu Security Notice USN-3258-2
Ubuntu Security Notice 3258-2 – USN-3258-1 intended to fix a vulnerability in Dovecot. Further investigation revealed that only Dovecot versions 2.2.26 and newer were affected by the vulnerability. Additionally, the change introduced a regression when Dovecot was configured to use the “dict” authentication database. This update reverts the change. It was discovered that Dovecot incorrectly handled some usernames. An attacker could possibly use this issue to cause Dovecot to hang or crash, resulting in a denial of service. Various other issues were also addressed.
Red Hat Security Advisory 2017-0901-01
Red Hat Security Advisory 2017-0901-01 – In accordance with the Red Hat Directory Server Life Cycle policy, Red Hat Directory Server 9 will be retired as of June 10, 2017 and support will no longer be provided. Accordingly, Red Hat will not provide extended support for this product, including critical impact security patches or urgent priority bug fixes, after this date.
Microsoft Office OneNote 2007 DLL side loading vulnerability
Posted by Securify B.V. on Apr 11
————————————————————————
Microsoft Office OneNote 2007 DLL side loading vulnerability
————————————————————————
Yorick Koster, September 2015
————————————————————————
Abstract
————————————————————————
A DLL side loading vulnerability was found in Microsoft…
CVE-2015-8613
Stack-based buffer overflow in the megasas_ctrl_get_info function in QEMU, when built with SCSI MegaRAID SAS HBA emulation support, allows local guest users to cause a denial of service (QEMU instance crash) via a crafted SCSI controller CTRL_GET_INFO command.
CVE-2015-8568
Memory leak in QEMU, when built with a VMWARE VMXNET3 paravirtual NIC emulator support, allows local guest users to cause a denial of service (host memory consumption) by trying to activate the vmxnet3 device repeatedly.
CVE-2015-8666
Heap-based buffer overflow in QEMU, when built with the Q35-chipset-based PC system emulator.
CVE-2013-6647
A use-after-free in AnimationController::endAnimationUpdate in Google Chrome.
CVE-2014-8716
The JPEG decoder in ImageMagick before 6.8.9-9 allows local users to cause a denial of service (out-of-bounds memory access and crash).
CVE-2014-8354
The HorizontalFilter function in resize.c in ImageMagick before 6.8.9-9 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted image file.