-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
> release is 0.6.5.
>
> The program uses predictable filenames for files in /tmp, which produces a
> race condition
>
> I'm Debian maintainer for this software.
>
> https://bugs.debian.org/756432
Use CVE-2015-7758.
Note that the discussion
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Linux kernel commit ccfe8c3f7e52 (crypto: aesni - fix memory usage in
GCM decryption) fixes two bugs in pointer arithmetic that lead to
buffer overruns (even with valid parameters!):
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
There is a local DoS triggered by use of the TCP Fast Open option,
specific to Linux stable branches, as a result of an incompletely
backported bug fix:
https://bugs.debian.org/782515
http://thread.gmane.org/gmane.linux.network/359588
The
On Tue, 30 Dec 2014, Moritz Muehlenhoff wrote:
On Mon, Dec 08, 2014 at 01:45:12PM +0100, Vasyl Kaigorodov wrote:
Hello,
A buffer overflow was reported [1] in mpfr.
This is due to incorrect GMP documentation for mpn_set_str about the
size of a buffer (discussion is at [1]; first fix in the
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=768369#114
I created a minimal test case in around 200 lines.
It uses a file with the intercepted scanlines of the calls to
jpeg_write_scanlines.
Also the Exif marker is read from such a
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=771125
mutt segfaults when trying to show the attached message. (You might need
to disable header weeding to trigger the crash.)
Use CVE-2014-9116.
- --
CVE assignment team, MITRE CVE Numbering
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
It was reported that Icecast could possibly leak the contents of
on-connect scripts to clients, which may contain sensitive information.
This issue has been fixed in the 2.4.1 release:
Fix on-connect and on-disconnect script STDIN/STDOUT/STDERR
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
There is a command injection flaw in lsyncd, a file change monitoring
and synchronization daemon:
https://github.com/axkibe/lsyncd/issues/220
https://github.com/creshal/lsyncd/commit/18f02ad013b41a72753912155ae2ba72f2a53e52
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
because the build directory is predictable a local DoS is possible
simply by creating a /tmp/pip-build-username/ directory owned by
someone other than the defined user
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=725847
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=759282
Use CVE-2014-5459.
- --
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
mkdtskel and mkxmltype use temporary files insecurely, using the pid
of the process in the temporary file name.
/tmp/_xml_$$
https://bugs.debian.org/756566
Use CVE-2014-5260.
fixed in XML-DT 0.65 upstream, see
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
rs_filter_graph in librawstudio/rs-filter.c
/tmp/rs-filter-graph
/tmp/rs-filter-graph.png
This allows the truncation of arbitrary files
Use CVE-2014-4978.
- --
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road,
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
The bug is caused by allowing the user to supply a negative index
value.
http://bugs.python.org/issue21529
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=752395
https://bugzilla.redhat.com/show_bug.cgi?id=1112285
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
According to the manual page, after calling it with 1 as a second
argument, any consecutive system calls other than read(), write(),
_exit() and sigreturn() should result in the delivery of SIGKILL.
However, under MIPS any consecutive system call
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
https://defuse.ca/audits/encfs.htm
the last one sounds CVE worthy
Use CVE-2014-3462 for that issue, i.e., 'The purpose of MAC headers is
to prevent an attacker with read/write access to the ciphertext from
being able to make changes without being
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=746322 and
https://github.com/defnull/bottle/issues/616 report an issue where
Bottle treated text/plain;application/json as JSON, allowing security
mechanisms to be bypassed.
Use CVE-2014-3137.
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Jakub Wilk discovered that clang's scan-build utility insecurely handled
temporary files.
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=744817
The GetHTMLRunDir subroutine ...
3) The function doesn't fail if the directory already exists,
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
The Debian report is about single quotes. On Fedora
(https://bugzilla.redhat.com/show_bug.cgi?id=1077059) double quotes were
needed.
The recent upstream patch:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Use CVE-2014-2277 for the issue in which, on all platforms, the
filename string returned by make_temporary_filename might be used for
an attacker's symlink before that filename is used by the perltidy
code to write lines into a file.
$^O =~
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=739536
From brief testing on Fedora with Samba and the create mask smb.conf
option, this issue only presented when running xfe as the root user. The
intended mask was used when running xfe as an
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
suPHP 0.7.2 has been released.
This release fixes a security issue that was introduced with the 0.7.0
release. This issue affected the source-highlighting feature and could
only be exploited, if the suPHP_PHPPath option was set. In this case
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Jakub Wilk reported insecure temporary file use in f2py.
numpy/f2py/__init__.py contains this code:
fname = os.path.join(tempfile.mktemp()+'.f')
f = open(fname,'w')
Can a CVE please be assigned if one hasn't been already?
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
open(/tmp/5KKGPDNyy0, O_WRONLY|O_CREAT|O_TRUNC|O_LARGEFILE,
Use CVE-2014-1875.
- --
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
https://bugzilla.redhat.com/show_bug.cgi?id=1060630#c5
* Mon Feb 12 2001 Tim Waugh twa...@redhat.com
- Fix tmpfile security patch so that it actually _works_ (bug #27155).
And notes
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
https://bugzilla.redhat.com/show_bug.cgi?id=1060630#c5
* Fri Jan 05 2001 Preston Brown pbr...@redhat.com
- security patch for tmpfile creation from Olaf Kirch o...@lst.de
followed the next month by a fix to that patch:
* Mon Feb 12 2001 Tim
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
If a local attacker can predict this filename, and precreates a
symlink with the same filename that points to an arbitrary directory
with mode 755, owner root and group root, then the attacker will
succeed in making Phusion Passenger write files
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
as reported by Jakub Wilk in http://bugs.debian.org/736247, there is a
TOCTOU failure in python's xdg module
1) Create symlink /tmp/pyxdg-runtime-dir-fallback-victim, pointing to a
directory owned by the victim
Use CVE-2014-1624.
- --
CVE
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
http://www.openwall.com/lists/oss-security/2014/01/07/10
gdm3 needs one also
Basically, when gdm3 is configured to not show a list of users (but
instead shows a blank box for the login prompt), if the user clicks
cancel or hits the escape key,
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
christian mock c...@coretec.at has reported[1] that Proc::Daemon, when
instructed to write a pid file, does that with a umask set to 0, so
the pid file ends up with world-writable permissions.
Upstream bugreport is at [2].
[1]
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
This version of ack prevents the --pager, --regex and --output
options from being used from project-level ackrc files. It is
possible to execute malicious code with these options
Use CVE-2013-7069.
- --
CVE assignment team, MITRE CVE Numbering