A type confusion memory corruption vulnerability exists in Microsoft Edge. The vulnerability is due to an error when handling objects in memory. A remote attacker can exploit this vulnerability and execute arbitrary code in the context of the current user.
Category Archives: Security
Security
Microsoft ATMFD.dll Information Disclosure (CVE-2017-0192)
An information disclosure vulnerability exists in Adobe Type Manager Font Driver (ATMFD.dll). The vulnerability is caused when the Adobe Type Manager Font Driver (ATMFD.dll) improperly handles objects in memory. An attacker can exploit this vulnerability by enticing a user to open a specially crafted document resulting in undesired information disclosure.
Microsoft Win32k Elevation of Privilege (CVE-2017-0189)
An elevation of privilege vulnerability exists in Windows. The vulnerability occurs when the Windows kernel-mode driver fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode with full user rights.
php-pear-CAS-1.3.5-1.el7
**Changes in version 1.3.5**
* Security Fixes:
* Fix possible authentication bypass in validateCAS20 [#228] (Gregory Boddin)
* Bug Fixes:
* Fix file permissions (non-executable) [#177] (Remi Collet)
* Fixed translations Greek and Japanese [#192] (ikari7789)
* Fix errors under phpdbg [#204] (MasonM)
* Fix logout replication error [#213] (Gregory Boddin)
* Improvement:
* Add more debug info to logout code [#95] (Joachim Fritschi)
* Allow longer ticket >32 chars for PGTStorage [#130] (Joachim Fritchi)
* Improved verification of supplied CA arguments [#172] (Joachim Fritschi)
* Change minimum supported php version to 5.4 in documentation (Joachim Fritschi)
* Add message to CAS_Authentication_Exception [#197] (Baldinof)
* Ingnore composer related files and directories [#201] (greg0ire)
* Add setter for cas client [#206] (greg0ire)
* Add callback for attribute parsing [#205] (Gregory Boddin)
* Added setter for base url [#208] (LeopardDennis)
* Fix documentation of code documentation [#216] (erozqba)
* Improved https detection by HTTP_X_FORWARDED_Protocol [#220] (Gregory Boddin)
* Add language support for simplified chinese [#227] (phy25)
php-pear-CAS-1.3.5-1.fc25
**Changes in version 1.3.5**
* Security Fixes:
* Fix possible authentication bypass in validateCAS20 [#228] (Gregory Boddin)
* Bug Fixes:
* Fix file permissions (non-executable) [#177] (Remi Collet)
* Fixed translations Greek and Japanese [#192] (ikari7789)
* Fix errors under phpdbg [#204] (MasonM)
* Fix logout replication error [#213] (Gregory Boddin)
* Improvement:
* Add more debug info to logout code [#95] (Joachim Fritschi)
* Allow longer ticket >32 chars for PGTStorage [#130] (Joachim Fritchi)
* Improved verification of supplied CA arguments [#172] (Joachim Fritschi)
* Change minimum supported php version to 5.4 in documentation (Joachim Fritschi)
* Add message to CAS_Authentication_Exception [#197] (Baldinof)
* Ingnore composer related files and directories [#201] (greg0ire)
* Add setter for cas client [#206] (greg0ire)
* Add callback for attribute parsing [#205] (Gregory Boddin)
* Added setter for base url [#208] (LeopardDennis)
* Fix documentation of code documentation [#216] (erozqba)
* Improved https detection by HTTP_X_FORWARDED_Protocol [#220] (Gregory Boddin)
* Add language support for simplified chinese [#227] (phy25)
php-pear-CAS-1.3.5-1.el6.1
**Changes in version 1.3.5**
* Security Fixes:
* Fix possible authentication bypass in validateCAS20 [#228] (Gregory Boddin)
* Bug Fixes:
* Fix file permissions (non-executable) [#177] (Remi Collet)
* Fixed translations Greek and Japanese [#192] (ikari7789)
* Fix errors under phpdbg [#204] (MasonM)
* Fix logout replication error [#213] (Gregory Boddin)
* Improvement:
* Add more debug info to logout code [#95] (Joachim Fritschi)
* Allow longer ticket >32 chars for PGTStorage [#130] (Joachim Fritchi)
* Improved verification of supplied CA arguments [#172] (Joachim Fritschi)
* Change minimum supported php version to 5.4 in documentation (Joachim Fritschi)
* Add message to CAS_Authentication_Exception [#197] (Baldinof)
* Ingnore composer related files and directories [#201] (greg0ire)
* Add setter for cas client [#206] (greg0ire)
* Add callback for attribute parsing [#205] (Gregory Boddin)
* Added setter for base url [#208] (LeopardDennis)
* Fix documentation of code documentation [#216] (erozqba)
* Improved https detection by HTTP_X_FORWARDED_Protocol [#220] (Gregory Boddin)
* Add language support for simplified chinese [#227] (phy25)
php-pear-CAS-1.3.5-1.fc26
**Changes in version 1.3.5**
* Security Fixes:
* Fix possible authentication bypass in validateCAS20 [#228] (Gregory Boddin)
* Bug Fixes:
* Fix file permissions (non-executable) [#177] (Remi Collet)
* Fixed translations Greek and Japanese [#192] (ikari7789)
* Fix errors under phpdbg [#204] (MasonM)
* Fix logout replication error [#213] (Gregory Boddin)
* Improvement:
* Add more debug info to logout code [#95] (Joachim Fritschi)
* Allow longer ticket >32 chars for PGTStorage [#130] (Joachim Fritchi)
* Improved verification of supplied CA arguments [#172] (Joachim Fritschi)
* Change minimum supported php version to 5.4 in documentation (Joachim Fritschi)
* Add message to CAS_Authentication_Exception [#197] (Baldinof)
* Ingnore composer related files and directories [#201] (greg0ire)
* Add setter for cas client [#206] (greg0ire)
* Add callback for attribute parsing [#205] (Gregory Boddin)
* Added setter for base url [#208] (LeopardDennis)
* Fix documentation of code documentation [#216] (erozqba)
* Improved https detection by HTTP_X_FORWARDED_Protocol [#220] (Gregory Boddin)
* Add language support for simplified chinese [#227] (phy25)
php-pear-CAS-1.3.5-1.fc24
**Changes in version 1.3.5**
* Security Fixes:
* Fix possible authentication bypass in validateCAS20 [#228] (Gregory Boddin)
* Bug Fixes:
* Fix file permissions (non-executable) [#177] (Remi Collet)
* Fixed translations Greek and Japanese [#192] (ikari7789)
* Fix errors under phpdbg [#204] (MasonM)
* Fix logout replication error [#213] (Gregory Boddin)
* Improvement:
* Add more debug info to logout code [#95] (Joachim Fritschi)
* Allow longer ticket >32 chars for PGTStorage [#130] (Joachim Fritchi)
* Improved verification of supplied CA arguments [#172] (Joachim Fritschi)
* Change minimum supported php version to 5.4 in documentation (Joachim Fritschi)
* Add message to CAS_Authentication_Exception [#197] (Baldinof)
* Ingnore composer related files and directories [#201] (greg0ire)
* Add setter for cas client [#206] (greg0ire)
* Add callback for attribute parsing [#205] (Gregory Boddin)
* Added setter for base url [#208] (LeopardDennis)
* Fix documentation of code documentation [#216] (erozqba)
* Improved https detection by HTTP_X_FORWARDED_Protocol [#220] (Gregory Boddin)
* Add language support for simplified chinese [#227] (phy25)
Ubuntu Security Notice USN-3257-1
Ubuntu Security Notice 3257-1 – A large number of security issues were discovered in the WebKitGTK+ Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.
Ubuntu Security Notice USN-3258-1
Ubuntu Security Notice 3258-1 – It was discovered that Dovecot incorrectly handled some usernames. An attacker could possibly use this issue to cause Dovecot to hang or crash, resulting in a denial of service.