27229c67-b8ff-11e7-9f79-ac9e174be3af openoffice apache-openoffice 4.1.4 apache-openoffice-devel 4.2.1810071_1,4

The Apache OpenOffice project reports:

2017-10-24 2017-10-24

gdk-pixbuf gtk-pixbuf2 2.36.7

TALOS reports:

  • An exploitable integer overflow vulnerability exists in the tiff_image_parse functionality.

  • An exploita

    Guest userspace which can invoke the instruction emulator can use this flaw to escalate its privilege to that of the guest kernel

10013 http://xenbits.xen.org/xsa/advisory-204.html 2016-12-19 2016-12-20

atheme-services atheme-services

    figured and used by the system administrator

5-5677 SA-16:06.bsnmpddfc135-600a-11e6-a6c3-14dae9d210b8

FreeBSD -- TCP MD5 signature denial of service

mbox/CVE-2016-4979-68283 2016-07-01 2016-07-05

xen-tools -- Unrestricted qemu logg

    When the libxl toolstack launches qemu for HVM guests, it pipes the output of stderr to

Kinkhorst reports:

    James Clawson reported:

    "Arbitrary files with a known path can be accessed in websvn by committing a symlink to a repository and then downloading the file (using the download link).

    An attacker must have write access to the repo, and the download option must have been enabled in the websvn config file."

search page.

  • With a crafted hostname header, it is possible to trigger an XSS attack in the home page.

We consider these vulnerabilities to be non-critical.

These vulnerabilities can be triggered only by someone who is logged in to phpMyAdmin, as the usual token protection prevents non-logged-in users from accessing the required pages

https://www.phpmyadmin.net/security/PMASA-2016-3/ CVE-2016-2040

The ff_dwt_decode function in libavc

by an AVI file.

The ff_rv34_decode_init_thread_copy function in libavcodec/rv34.c in FFmpeg before 2.7.2 does not initialize certain structure members, which allows remote attackers to cause a denial of service (invalid pointer access) or possibly have unspecified other impact via crafted (1) RV30 or (2) RV40 RealVideo data

CVE-2015-6818 CVE-2015-6819 CVE-2015-6820

1.0.0

Remediation Summary: Users should upgrade to 1.6.1 or later, or constrain access to the snapshot API to trusted sources

5531

vileges of the 'lp' user.

Tim Waugh

The Page allocation is moved into textcommon.c, where it does all the necessary checking: lower-bounds for CVE-2015-3258 and upper-bounds for CVE-2015-3259 due to integer overflows for the calloc() call initializing Page[0] and the memset() call in texttopdf.c's WritePage() function zeroing the entire arra

CVE-2015-3279 https://access.redhat.

linux-thunderbird 31.5.0 seamonkey 2.335511 Miscellaneous memory safety hazards (rv:36.0 / rv:31.5)

-6f4f-11e4-a444-00262d5ed8ee chromium chromium 39.0.2171.65
chromium-pulse 39.0.2171.65

Google Chrome Releases reports:

42 security fixes in this release, including:

  • [389734] High CVE-2014-7899: Address bar spoofing. Credit to

etween processes that should not be able to communicat

4-3477 http://lists.freedesktop.org/archives/dbus/2014-June/016220.html 2014-06-10 2014-06-14

SA-13:04.bind https://kb.isc.org/article/AA-0087169bfc852-9bd0-11e2-a7be-8c705af55518

FreeBSD -- OpenSSL

FreeBSD 8.38.3_7 9.09.0_7 9.19.1_

Squid developers report:

    Due to missing input validation Squid cachemgr.cgi tool is vulnerable to a denial of service attack when processing specially crafted requests.

    This problem allows any client able to reach the cachemgr.cgi to perform a denial of service attack on the service host.

    The nature of the attack may cause secondary effects through resource consumption on the host server

2010-04-06 2010-04-18

    Sudo's command matching routine expects actual commands to include one or more slash ('/') characters. The flaw is that sudo's path resolution code

    after changing his password.

  • CVE-2009-3125 CVE-2009-3165 CVE-2009-3166 http://www.bugzilla.org/security/3.0.8/ 2009-09-11 2009-09-17

horde-base horde-base 3.3.5

0fe73a4a-1b18-11de-8226-0030843d3802 pivot-weblog -- file deletion vulnerability

pivot-weblog 1.40.74302

    A vulnerability has been discovered in Pivot, which can be exploited by malicious people to delete certain files.

    Input passed to the "refkey" parameter in extensions/bbclone_t

0.91.

BugTraq reports:

    ClamAV is prone to multiple denial-of-service vulnerabilities.

    A successful attack may allow an attacker to crash the application and deny service to users

98 CVE-2007-4510 2007-08-21 2007-09-21

    The PHP 5 branch of the PHP source code lacks the protection against possible integer overflows inside ecalloc() that is present in the PHP 4 branch and also for several years part of our Hardening-Patch and our new Suhosin-Patch.

    It was discovered that such an integer overflow can be triggered when user input is passed to the unserialize() function. Earlier vulnerabilities in PHP's unserialize() that were also discovered by one of

A Secunia Advisory reports:

    Federico L. Bossi Bonin has discovered a weakness in xine-lib, which can be exploited by malicious people to crash certain applications on a user's system.

    The weakness is caused due to a heap corruption within the "xineplug_inp_http.so" plugin when handling an overly large reply from the HTTP server. This can be exploited to crash an application that uses the plugin (e.g. gxine)

    Two vulnerabilities have been discovered in Firefox, which can be exploited by malicious people to conduct cross-site scripting attacks and compromise a user's system.

    1. The problem is that "IFRAME" JavaScript URLs are not properly protected from being executed in context of another URL in the history list. This can be exploited to execute arbitrary HTML and script code in a user's b