The load_multiboot function in hw/i386/multiboot.c in Quick Emulator (aka QEMU) allows local guest OS users to execute arbitrary code on the QEMU host via a mh_load_end_addr value greater than mh_bss_end_addr, which triggers an out-of-bounds read or write memory
This update doesn't fix a vulnerability in linux-tools, but provides support for building Linux kernel modules with the "retpoline" mitigation for CVE-2017-5715 (Spectre variant 2).
It was discovered that there was an input validation vulnerability in the patch(1) utility where an ed(1) script embedded in a regular input file could result in arbitrary code execution. This was reported by Rachel Kroll [0] et al.
A NULL Pointer Dereference was discovered in the TIFFPrintDirectory function (tif_print.c) when using the tiffinfo tool to print crafted TIFF information. This vulnerability could be leveraged by remote attackers to cause a crash of the application.
A NULL Pointer Dereference was discovered in the TIFFPrintDirectory function (tif_print.c) when using the tiffinfo tool to print crafted TIFF information. This vulnerability could be leveraged by remote attackers to cause a crash of the application.
GwanYeong Kim reported that 'pack()' could cause a heap buffer write overflow with a large item count. For Debian 7 "Wheezy", these problems have been fixed in version
This is an update to DLA-1283-1. In DLA-1283-1 it is claimed that the issue described in CVE-2018-6594 is fixed. It turns out that the fix is partial and upstream has decided not to fix the issue as it would break compatibility and
Lilith of Cisco Talos discovered several buffer overflow vulnerabilities in the SDL Image library which can be leveraged by attackers to execute arbitrary code via specially crafted image files.
Multiple invalid frees and buffer-overflow vulnerabilities were discovered in sam2p, a utility to convert raster images and other image formats, that may lead to a denial-of-service (application crash) or unspecified other impact.
Several vulnerabilities have been discovered in OpenJDK, an implementation of the Oracle Java platform, resulting in denial of service, unauthorized access, sandbox bypass or HTTP header injection.
It was discovered that there was a local privilege escalation vulnerability in beep, an "advanced PC speaker beeper". For Debian 7 "Wheezy", this issue has been fixed in beep version
Multiple vulnerabilities were found in the rubygems package management framework, embedded in JRuby, a pure-Java implementation of the Ruby programming language.
Several vulnerabilities have been discovered in the Dovecot email server. The Common Vulnerabilities and Exposures project identifies the following issues:
libvncserver version through 0.9.11. does not sanitize msg.cct.length which may result in access to uninitialized and potentially sensitive data or possibly unspecified other impact (e.g., an integer overflow) via specially crafted VNC packets.
Mercurial version 4.5 and earlier contains a Incorrect Access Control (CWE-285) vulnerability in Protocol server that can result in Unauthorized data access. This attack appear to be exploitable via network connectivity. This vulnerability appears to have been fixed in
