2015-06-07 CVE-2015-1798 CVE-2015-1799 http://archive.ntp.org/ntp4/ChangeLog-stable4-07

This release fixes the following security issues: CVE-2014-1344, CVE-2014-1384, CVE-2014-1385, CVE-2014-1386, CVE-2014-1387, CVE-2014-1388, CVE-2014-1389, CVE-2014-1390

http://webkitgtk.org/2015/01/07/webkitgtk2.4.8-released.html CVE-2014-1344 CVE-2014-1384 CVE-2014-1385

  • [369860] High CVE-2014-3168: Use-after-free in SVG. Credit to cloudfuzzer.
  • [387389] High CVE-2014-3169: Use-after-free in DOM. Credit to Andrzej Dyjak.
  • [390624] High CVE-2014-3170: Extension permission dialog spoo
  • [350434] High CVE-2014-1721: Memory corruption in V8. Credit to Christian Holler.
  • [330626] High CVE-2014-1722: Use-after-free in rendering. Credit to miaubiz.
  • [337746] High CVE-2014-1723: Url confusion with RTL characters. Credit to George McBay.
  • [327295] High CVE-2014-1724: Use-after-free in speech. Credit to Atte Kettunen of OUSPG.
  • [357332] Medium CVE-2014-1725: OOB rea
    o Bas Venis.
  • [325501] CVE-2013-663719722] Medium CVE-2013-6638: Buffer overflow in v8. This issue was fixed in v8 version 3.22.24.7. Credit to Jakob Kummerow of the Chromium project.
  • [319835] High CVE-2013-6639: Out of bounds write in v8. This issue was fixed in v8 version 3.22.24.7. Credit to Jakob Kummerow of the Chromium

    vice (application hang) via a large argument to the jdtojewish635 https://bugs.php.net/bug.php?id=64895 2013-05-22 2013-07-16 linux-flashplugin -- multiple vulnerabiliti

    2013-04-02 2013-04-02 FreeBSD -- OpenSSLFreeBSD 8.38.3_7 jenkins 1.4981-04

    This advisory announces a security vulnerability that was found in Jenkins core.

    An attacker can then use this master cryptographic key to mount

    igation of ImageMagick, Tom Lane found that PNG malloc function (Magick_png_malloc) in turn calls AcquireMagickMemory with an improper size argument3438 https://bugzilla.redhat.com/show_bug.cgi?id=844105 54716 http://secunia.com/advisories/50090 http://xforce.iss.net/xforce/xfdb/77259

    pet master that the master has read-access to.

    Arbitrary file delete/D.O.S on Puppet Master from authenticated clients (high). Given a Puppet master with the "Delete" directive allowed in auth.conf for an authenticated host, an attacker on that host can send a specially crafted Delete request that can cause an arbitrary file deletion on the Puppet master, potentially causing a denial of service attack. Note that this vulnerability doe

    in before 2.10.2 allows remote servers to cause a denial of service (application crash) via an OIM message that lacks UTF-8 encoding

    CVE-2012-1178 2012-03-15 2012-04-01 phpMyAdmin -- Path disclosure du

    US-CERT/NIST reports:

    Integer signedness error in the base64_decode function in the HTTP authentication functionality (http_auth.c) in lighttpd 1.4 before 1.4.30 and 1.5 before SVN revision 2806 allows remote attackers to cause a denial of service (segmentation fault) via crafted base64 in

    This could open a path for other attacks.

    An unsanitized key from the Servers array is written in a comment of the generated conf

    When parsing an invalid MKV (Matroska or WebM) file, input validation is insufficient

    http://www.videolan.org/security/sa1102.html 02 maradns --

    //otrs.org/advisory/OSA-2010-03-en/ 2010-09-15

    c223b00d-e272-11df-8e32-000f20797ede mozilla -- Heap buffer overflow mixing document.write and DOM insertion firefox 3.6.*,13.6.12,1 3.5.*,13.5.15,1 http://www.bonsai-sec.com/en/research/vulnerabilities/cacti-sql-injection-0104.php http://www.debian.org/security/2010/dsa-2039 2010-04-21 2010-04-24 2013-06-16 moodle -- multiple vulnerabilities

    SquidGuard website reports:

    Patch 20091015 fixes one buffer overflow problem in sgLog.c when overlong URLs are requested. SquidGuard will then go into emergency mode where no blocking occurs. This is not required in this situation.

    an AS path. If such a prefix is received, the BGP daemon crashes with an assert failure leading to a denial of service

    656 http://lists.quagga.net/pipermail/quagga-dev/2009-April/006541.html CVE-2009-1572 2009-05-04

    Applying the ``D'' to a file with a crafted file name, or inside a directory with a crafted directory name, can lead to arbitrary code execution.

    Lack of sanitization throughout Netrw can lead to arbitrary code execution upon opening a directory with a crafted name.

    A NULL pointer dereference in the Digest authentication support in neon versions 0.28.0 through 0.28.2 inclusive allows a malicious server to crash a client application, resulting in possib

    mplayer mplayer-esound mplayer-gtk mplayer-gtk2 mplayer-gtk-esound mplayer-gtk2-esound 0.99.11_2

    The Mplayer team reports:

    A buffer overflow was fou

    es/27093/

    Some vulnerabilities have been reported in libpng, which can be exploited by malicious people to cause a DoS (Denial of Service).

    Certain errors within libpng, including a logical NOT instead of a bitwise NOT in pngtrtran.c, an error in the 16bit cheap transparency extension, and an incorrect use of sizeof() may be exploited to crash an application using the library.

    Various out-of-bounds read errors exist

    am" instruction can be abused to crash qemu through a division by zero, resulting in

    CVE-2007-1320 CVE-2007-1321 CVE-2007-1322 CVE-2007-1323 CVE-2007-1366 http://lists.debian.org/debian-

    OE overwrite, and arbitrary remote code execution as root

    http://marc.theaimsgroup.com/?l=bugtraq&m=1161215675301703.1.2

    Horde 3.1.2 release announcement:

    Security Fixes:

    • Closed XSS problems in dereferrer (IE only), help viewer and problem reporting screen.
    • Removed unused image proxy code from dereferrer.

    n attacker to overwrite arbitrary files

    VE-2005-1151 CVE-2005-1152 http://secunia.com/advisories/15475/ 2005-05-26 2005-11-07

    44e5f5bd-4d76-11da-bf37-000fb586ba73 pear-PEAR -- PEA

    0 apache+ipv6 1.3.37 ru-apache 1.3.34+30.22 ru-apache+mod_ssl 1.3.34+30.22+2.8.25

    A Watchfire whitepaper reports a vulnerability in

    research/jakarta556_xss.txt http://www.mail-archive.com/tomcat-dev@jakarta.apache.org/msg66978.html 2005-01-03 2005-06-01 2006-09-12 fswiki -- XSS problem in file upload form fswiki 3.5.6

    wait for the victim to run Firefox. When Firefox shuts down the victim's directory would be erased

    28.html https://bugzilla.mozilla.org/show_bug.cgi?id=281284 2005-02-06 2005-02-26

    If PHP is not running in safe mode, a problem in the MIME-based trans

    rability is present only in code used by SSLv2 *servers*

    xforce.iss.net/xforce/alerts/id/180 http://www.osvdb.org/9116 http://secunia.com/advisories/12362 11015

    Midnight Commander uses a fixed sized stack buffer while resolving symbolic links within file archives (tar or cpio). If an attacker can cause a user to process a specially crafted file archive with Midnight Commander, the attacker may be able to obtain the privileges of the target user

    3-1023