Säkerhet

Ubuntu Security Notice USN-2421-1

Packet storm - tis, 2014-11-25 17:05
Ubuntu Security Notice 2421-1 - A flaw was discovered in how the Linux kernel's KVM (Kernel Virtual Machine) subsystem handles the CR4 control register at VM entry on Intel processors. A local host OS user can exploit this to cause a denial of service (kill arbitrary processes, or system disruption) by leveraging /dev/kvm access. Don Bailey discovered a flaw in the LZO decompress algorithm used by the Linux kernel. An attacker could exploit this flaw to cause a denial of service (memory corruption or OOPS). Various other issues were also addressed.
Kategorier: Säkerhet

Ubuntu Security Notice USN-2420-1

Packet storm - tis, 2014-11-25 17:05
Ubuntu Security Notice 2420-1 - A flaw was discovered in how the Linux kernel's KVM (Kernel Virtual Machine) subsystem handles the CR4 control register at VM entry on Intel processors. A local host OS user can exploit this to cause a denial of service (kill arbitrary processes, or system disruption) by leveraging /dev/kvm access. Don Bailey discovered a flaw in the LZO decompress algorithm used by the Linux kernel. An attacker could exploit this flaw to cause a denial of service (memory corruption or OOPS). Various other issues were also addressed.
Kategorier: Säkerhet

Ubuntu Security Notice USN-2419-1

Packet storm - tis, 2014-11-25 17:04
Ubuntu Security Notice 2419-1 - A flaw was discovered in how the Linux kernel's KVM (Kernel Virtual Machine) subsystem handles the CR4 control register at VM entry on Intel processors. A local host OS user can exploit this to cause a denial of service (kill arbitrary processes, or system disruption) by leveraging /dev/kvm access. Don Bailey discovered a flaw in the LZO decompress algorithm used by the Linux kernel. An attacker could exploit this flaw to cause a denial of service (memory corruption or OOPS). Various other issues were also addressed.
Kategorier: Säkerhet

Ubuntu Security Notice USN-2416-1

Packet storm - tis, 2014-11-25 17:04
Ubuntu Security Notice 2416-1 - Don Bailey discovered a flaw in the LZO decompress algorithm used by the Linux kernel. An attacker could exploit this flaw to cause a denial of service (memory corruption or OOPS). Andy Lutomirski discovered that the Linux kernel was not checking the CAP_SYS_ADMIN when remounting filesystems to read-only. A local user could exploit this flaw to cause a denial of service (loss of writability). Various other issues were also addressed.
Kategorier: Säkerhet

Ubuntu Security Notice USN-2418-1

Packet storm - tis, 2014-11-25 17:04
Ubuntu Security Notice 2418-1 - Nadav Amit reported that the KVM (Kernel Virtual Machine) mishandles noncanonical addresses when emulating instructions that change the rip (Instruction Pointer). A guest user with access to I/O or the MMIO can use this flaw to cause a denial of service (system crash) of the guest. A flaw was discovered with the handling of the invept instruction in the KVM (Kernel Virtual Machine) subsystem of the Linux kernel. An unprivileged guest user could exploit this flaw to cause a denial of service (system crash) on the guest. Various other issues were also addressed.
Kategorier: Säkerhet

Mandriva Linux Security Advisory 2014-227

Packet storm - tis, 2014-11-25 17:03
Mandriva Linux Security Advisory 2014-227 - The decode_init function in libavcodec/huffyuv.c in FFmpeg before 1.1 allows remote attackers to have an unspecified impact via a crafted width in huffyuv data with the predictor set to median and the colorspace set to YUV422P, which triggers an out-of-bounds array access. The parse_picture_segment function in libavcodec/pgssubdec.c in FFmpeg before 1.1 allows remote attackers to have an unspecified impact via crafted RLE data, which triggers an out-of-bounds array access. The ff_er_frame_end function in libavcodec/error_resilience.c in FFmpeg before 1.0.4 and 1.1.x before 1.1.1 does not properly verify that a frame is fully initialized, which allows remote attackers to trigger a NULL pointer dereference via crafted picture data. The mm_decode_inter function in mmvideo.c in libavcodec in FFmpeg before 1.2.1 does not validate the relationship between a horizontal coordinate and a width value, which allows remote attackers to cause a denial of service via crafted American Laser Games MM Video data. The cdg_decode_frame function in cdgraphics.c in libavcodec in FFmpeg before 1.2.1 does not validate the presence of non-header data in a buffer, which allows remote attackers to cause a denial of service via crafted CD Graphics Video data. The read_header function in libavcodec/ffv1dec.c in FFmpeg before 2.1 does not properly enforce certain bit-count and colorspace constraints, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted FFV1 data. The updated packages have been upgraded to the 0.10.15 version which is not vulnerable to these issues.
Kategorier: Säkerhet

Mandriva Linux Security Advisory 2014-226

Packet storm - tis, 2014-11-25 17:02
Mandriva Linux Security Advisory 2014-226 - ImageMagick is vulnerable to a denial of service due to out-of-bounds memory accesses in the resize code, PCX parser , DCM decoder, and JPEG decoder.
Kategorier: Säkerhet

Mandriva Linux Security Advisory 2014-225

Packet storm - tis, 2014-11-25 17:02
Mandriva Linux Security Advisory 2014-225 - Will Wood discovered that Ruby incorrectly handled the encodes() function. An attacker could possibly use this issue to cause Ruby to crash, resulting in a denial of service, or possibly execute arbitrary code. The default compiler options for affected releases should reduce the vulnerability to a denial of service. Due to an incomplete fix for 100% CPU utilization can occur as a result of recursive expansion with an empty String. When reading text nodes from an XML document, the REXML parser in Ruby can be coerced into allocating extremely large string objects which can consume all of the memory on a machine, causing a denial of service. Additionally ruby has been upgraded to patch level 374.
Kategorier: Säkerhet

KMPlayer 3.9.1.130 Denial Of Service

Packet storm - tis, 2014-11-25 06:44
KMPlayer version 3.9.1.130 suffers from an integer division by zero denial of service vulnerability.
Kategorier: Säkerhet

PHP 5.x / Bash Shellshock Proof Of Concept

Packet storm - tis, 2014-11-25 05:33
This is a proof of concept that demonstrates how the Bash shellshock vulnerability can be used in PHP to bypass disable_functions, safe_mode, etc.
Kategorier: Säkerhet

Ubuntu Security Notice USN-2415-1

Packet storm - tis, 2014-11-25 01:33
Ubuntu Security Notice 2415-1 - Andy Lutomirski discovered that the Linux kernel was not checking the CAP_SYS_ADMIN when remounting filesystems to read-only. A local user could exploit this flaw to cause a denial of service (loss of writability).
Kategorier: Säkerhet

AIEngine 1.0

Packet storm - tis, 2014-11-25 01:03
AIEngine is a packet inspection engine with capabilities of learning without any human intervention. It helps network/security professionals to identify traffic and develop signatures for use them on NIDS, Firewalls, Traffic classifiers and so on.
Kategorier: Säkerhet

Maligno 1.4

Packet storm - tis, 2014-11-25 00:22
Maligno is an open source penetration testing tool written in python, that serves Metasploit payloads. It generates shellcode with msfvenom and transmits it over HTTP or HTTPS. The shellcode is encrypted with AES and encoded with Base64 prior to transmission.
Kategorier: Säkerhet

Ubuntu Security Notice USN-2414-1

Packet storm - mån, 2014-11-24 21:33
Ubuntu Security Notice 2414-1 - Tim Brown and Darron Burton discovered that KDE-Runtime incorrectly handled input validation. An attacker could possibly use this issue to execute arbitrary javascript.
Kategorier: Säkerhet

Red Hat Security Advisory 2014-1894-01

Packet storm - mån, 2014-11-24 20:34
Red Hat Security Advisory 2014-1894-01 - Chromium is an open-source web browser, powered by WebKit. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Chromium to crash or, potentially, execute arbitrary code with the privileges of the user running Chromium. A flaw was found in the way Chromium parsed certain URL values. A malicious attacker could use this flaw to perform phishing attacks.
Kategorier: Säkerhet

Gentoo Linux Security Advisory 201411-10

Packet storm - mån, 2014-11-24 20:32
Gentoo Linux Security Advisory 201411-10 - Multiple vulnerabilities have been found in Asterisk, the worst of which could lead to Denial of Service. Versions less than 11.13.1 are affected.
Kategorier: Säkerhet

Ubuntu: 2413-1: AppArmor vulnerability

Linux Security - mån, 2014-11-24 18:59
Kategorier: Säkerhet