similar to: Bug#436250: CVE-2007-0998: possible vulnerability

Package: xen-3 Version: 3.1.0-1 Severity: grave Tags: security patch Hi, the following CVE (Common Vulnerabilities & Exposures) id was published for xen-3. CVE-2007-5907[0]: | Xen 3.1.1 does not prevent modification of the CR4 TSC from | applications, which allows pv guests to cause a denial of service | (crash). CVE-2007-5906[1]: | Xen 3.1.1 allows virtual guest system users to cause a |

Package: xen-3 Severity: grave Tags: security Justification: user security hole Hi, the following CVE (Common Vulnerabilities & Exposures) id was published for xen-3. CVE-2008-2004[0]: | The drive_init function in QEMU 0.9.1 determines the format of a raw | disk image based on the header, which allows local guest users to read | arbitrary files on the host by modifying the header to identify

Good day. Spotted the CVE-2007-1870: the clamav 0.90.2 is already in the ports, but no sign of the issue in the VuXML. The entry is attached. One thing that is a bit strange is that the ChangeLog for the ClamAV (http://svn.clamav.net/svn/clamav-devel/trunk/ChangeLog) says about CVE-2007-1997 as the libclamav/cab.c log entry, but I think they are messed the numbers -- there is no such CVE, at

On 03/12/2016 12:08, Jeremiah C. Foster wrote: > On Fri, 2016-12-02 at 10:48 +0200, Aki Tuomi wrote: > On 02.12.2016 10:45, Jonas Wielicki wrote: On Freitag, 2. Dezember 2016 09:00:58 CET Aki Tuomi wrote: We are sorry to report that we have a bug in dovecot, which > merits a > CVE. See details below. If you haven't configured any > auth_policy_* > settings you are ok. This

A security vulnerability has been disclosed in Ruby on Rails, assigned CVE-2013-0333. The vulnerability in the JSON code for Ruby on Rails allows attackers to bypass authentication systems, inject arbitrary SQL, inject and execute arbitrary code, or perform a DoS attack on a Rails application. CVE details on the vulnerability can be found here:

> On December 3, 2016 at 9:11 PM "Jeremiah C. Foster" <jeremiah at jeremiahfoster.com> wrote: > > > On Sat, 2016-12-03 at 12:23 +1000, Noel Butler wrote: > > On 03/12/2016 12:08, Jeremiah C. Foster wrote: > > > > > On Fri, 2016-12-02 at 10:48 +0200, Aki Tuomi wrote: > > > On 02.12.2016 10:45, Jonas Wielicki wrote: On Freitag, 2.

On Sat, 2016-12-03 at 12:23 +1000, Noel Butler wrote: > On 03/12/2016 12:08, Jeremiah C. Foster wrote: > > > On Fri, 2016-12-02 at 10:48 +0200, Aki Tuomi wrote:? > > On 02.12.2016 10:45, Jonas Wielicki wrote: On Freitag, 2. Dezember > > 2016 09:00:58 CET Aki Tuomi wrote: We are sorry to report that we > > have a bug in dovecot, which > > merits a > > CVE.

On Sat, 2016-12-03 at 21:25 +0200, Aki Tuomi wrote: > > On December 3, 2016 at 9:11 PM "Jeremiah C. Foster" <jeremiah at jerem > > iahfoster.com> wrote: > > > > On Sat, 2016-12-03 at 12:23 +1000, Noel Butler wrote: > > > On 03/12/2016 12:08, Jeremiah C. Foster wrote: > > > > > > > On Fri, 2016-12-02 at 10:48 +0200, Aki Tuomi

Hi folks. We were made aware of a MITRE CVE assignment on OpenSSH for a remote DoS in sftp, described as: The (1) remote_glob function in sftp-glob.c and the (2) process_put function in sftp.c in OpenSSH 5.8 and earlier, as used in FreeBSD 7.3 and 8.1, NetBSD 5.0.2, OpenBSD 4.7, and other products, allow remote authenticated users to cause a denial of service (CPU and memory consumption) via

Hi, FYI - don't sue me for posting this here - I know, everyone who needs this info *should* have it already, but maybe not ;-) Kind regards, B. Courtin -- OpenSSL Security Advisory [30 July 2002] This advisory consists of two independent advisories, merged, and is an official OpenSSL advisory. Advisory 1 ========== A.L. Digital Ltd and The Bunker (http://www.thebunker.net/) are

On 02.12.2016 10:45, Jonas Wielicki wrote: > On Freitag, 2. Dezember 2016 09:00:58 CET Aki Tuomi wrote: >> We are sorry to report that we have a bug in dovecot, which merits a >> CVE. See details below. If you haven't configured any auth_policy_* >> settings you are ok. This is fixed with >> https://git.dovecot.net/dovecot/core/commit/c3d3faa4f72a676e183f34be960cff13

hi all, i haven't seen any discussion here of this issue, nor do i see any obviously related (open) bugs in bugzilla. It's not clear to me from the CVE how important this issue is or isn't, but i'm a bit concerned. http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4091 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-4091 thanks as always to wayne & the other contributors

Package: xen-3 Severity: important Tags: security Hi, the following CVE (Common Vulnerabilities & Exposures) id was published for xen-3. CVE-2008-4405[0]: | xend in Xen 3.0.3 does not properly limit the contents of the | /local/domain xenstore directory tree, and does not properly restrict | a guest VM's write access within this tree, which allows guest OS | users to cause a denial of

Dear list, About a week ago, right after 5.4-RELEASE was released, I received a mail from Gentoo Linux's security announcement list about a flaw in tcpdump and gzip. Since none of them are operating system related, I assumed a -p1 and -p2 of the 5.4-RELEASE. Instead, we got a patch for the HTT security issue so I wonder, is the FreeBSD version of tcpdump and/or gzip are secured or simply

Dear Xen Maintainers The following CVEs(0,1) have been filled against xen. Could you please check, whether they affect any debian versions and how important they are? They are rather left over on our TODO list and I'd like to forward them to you for checking. CVE-2008-1944: Buffer overflow in the backend framebuffer of XenSource Xen Para-Virtualized Framebuffer (PVFB) Message 3.0 through

Package: xen-3.0 Version: 3.0.3-0-2 Severity: grave Tags: security Hi, the following CVE (Common Vulnerabilities & Exposures) id was published for xen-3.0. CVE-2007-1320[0]: | Multiple heap-based buffer overflows in the cirrus_invalidate_region | function in the Cirrus VGA extension in QEMU 0.8.2 might allow local | users to execute arbitrary code via unspecified vectors related to |

Source: xen-unstable Version: 3.0-unstable+hg11561-1 Severity: grave Tags: security Hi, the following CVE (Common Vulnerabilities & Exposures) id was published for xen-unstable. CVE-2007-3919[0]: | (1) xenbaked and (2) xenmon.py in Xen 3.1 and earlier allow local | users to truncate arbitrary files via a symlink attack on | /tmp/xenq-shm. If you fix this vulnerability please also include

On Fri, 2016-12-02 at 10:48 +0200, Aki Tuomi wrote: > > On 02.12.2016 10:45, Jonas Wielicki wrote: > > On Freitag, 2. Dezember 2016 09:00:58 CET Aki Tuomi wrote: > > > We are sorry to report that we have a bug in dovecot, which > > > merits a > > > CVE. See details below. If you haven't configured any > > > auth_policy_* > > > settings

On Freitag, 2. Dezember 2016 09:00:58 CET Aki Tuomi wrote: > We are sorry to report that we have a bug in dovecot, which merits a > CVE. See details below. If you haven't configured any auth_policy_* > settings you are ok. This is fixed with > https://git.dovecot.net/dovecot/core/commit/c3d3faa4f72a676e183f34be960cff13 > a5a725ae and >

Hi, First look this vulnerability issue: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3933 My application models: http://pastie.org/1709174 On my departments form, when user selects a health unit, I copy all health unit attributes including address and street. The parameters hash looks like this: http://pastie.org/1709217 But this was considered a vunerability issue, the