All Hot News World. Public world blog, journal online reviewed.

Memory Leak File, PacketStorm Security

RSS feed: Memory Leak File, PacketStorm Security
Thu, 04 Oct 2018 19:19:00 GMT
Memory Leak Files ≈ Packet Storm
Packet Storm - Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers [ + ]
Thu, 14 Jun 2018 22:23:00 GMT
Ubuntu Security Notice USN-3785-1
Ubuntu Security Notice 3785-1 - Due to a large number of issues discovered in GhostScript that prevent it from being used by ImageMagick safely, this update includes a default policy change that disables support for the Postscript and PDF formats in ImageMagick. This policy can be overridden if necessary by using an alternate ImageMagick policy configuration. It was discovered that several memory leaks existed when handling certain images in ImageMagick. An attacker could use this to cause a denial of service. Various other issues were also addressed. [ + ]
Tue, 12 Jun 2018 23:49:15 GMT
Ubuntu Security Notice USN-3678-4
Ubuntu Security Notice 3678-4 - Wen Xu discovered that the ext4 filesystem implementation in the Linux kernel did not properly handle corrupted meta data in some situations. An attacker could use this to specially craft an ext4 file system that caused a denial of service when mounted. It was discovered that the 802.11 software simulator implementation in the Linux kernel contained a memory leak when handling certain error conditions. A local attacker could possibly use this to cause a denial of service. Various other issues were also addressed. [ + ]
Tue, 12 Jun 2018 15:58:06 GMT
Ubuntu Security Notice USN-3678-3
Ubuntu Security Notice 3678-3 - Wen Xu discovered that the ext4 filesystem implementation in the Linux kernel did not properly handle corrupted meta data in some situations. An attacker could use this to specially craft an ext4 file system that caused a denial of service when mounted. It was discovered that the 802.11 software simulator implementation in the Linux kernel contained a memory leak when handling certain error conditions. A local attacker could possibly use this to cause a denial of service. Various other issues were also addressed. [ + ]
Tue, 12 Jun 2018 15:57:48 GMT
Ubuntu Security Notice USN-3678-2
Ubuntu Security Notice 3678-2 - Wen Xu discovered that the ext4 filesystem implementation in the Linux kernel did not properly handle corrupted meta data in some situations. An attacker could use this to specially craft an ext4 file system that caused a denial of service when mounted. It was discovered that the 802.11 software simulator implementation in the Linux kernel contained a memory leak when handling certain error conditions. A local attacker could possibly use this to cause a denial of service. Various other issues were also addressed. [ + ]
Wed, 30 May 2018 03:33:33 GMT
Ubuntu Security Notice USN-3678-1
Ubuntu Security Notice 3678-1 - Wen Xu discovered that the ext4 filesystem implementation in the Linux kernel did not properly handle corrupted meta data in some situations. An attacker could use this to specially craft an ext4 file system that caused a denial of service when mounted. It was discovered that the 802.11 software simulator implementation in the Linux kernel contained a memory leak when handling certain error conditions. A local attacker could possibly use this to cause a denial of service. Various other issues were also addressed. [ + ]
Wed, 17 Jan 2018 22:22:00 GMT
GNU Barcode 0.99 Memory Leak
GNU Barcode version 0.99 suffers from a memory leak vulnerability. [ + ]
Wed, 13 Dec 2017 17:03:19 GMT
Ubuntu Security Notice USN-3534-1
Ubuntu Security Notice 3534-1 - It was discovered that the GNU C library did not properly handle all of the possible return values from the kernel getcwd syscall. A local attacker could potentially exploit this to execute arbitrary code in setuid programs and gain administrative privileges. A memory leak was discovered in the _dl_init_paths function in the GNU C library dynamic loader. A local attacker could potentially exploit this with a specially crafted value in the LD_HWCAP_MASK environment variable, in combination with CVE-2017-1000409 and another vulnerability on a system with hardlink protections disabled, in order to gain administrative privileges. Various other issues were also addressed. [ + ]
Wed, 08 Nov 2017 23:44:44 GMT
Qualys Security Advisory - GNU C Library Memory Leak / Buffer Overflow
Qualys has discovered a memory leak and a buffer overflow in the dynamic loader (ld.so) of the GNU C Library (glibc). [ + ]
Tue, 06 Jun 2017 14:06:02 GMT
Asterisk Project Security Advisory - AST-2017-011
Asterisk Project Security Advisory - A memory leak occurs when an Asterisk pjsip session object is created and that call gets rejected before the session itself is fully established. When this happens the session object never gets destroyed. [ + ]
Wed, 24 May 2017 02:04:57 GMT
Red Hat Security Advisory 2017-1395-01
Red Hat Security Advisory 2017-1395-01 - This package contains a new implementation of the original libtirpc, transport-independent RPC library for NFS-Ganesha. Security Fix: It was found that due to the way rpcbind uses libtirpc, a memory leak can occur when parsing specially crafted XDR messages. An attacker sending thousands of messages to rpcbind could cause its memory usage to grow without bound, eventually causing it to be terminated by the OOM killer. [ + ]
Tue, 23 May 2017 20:20:00 GMT
Red Hat Security Advisory 2017-1268-01
Red Hat Security Advisory 2017-1268-01 - The libtirpc packages contain SunLib's implementation of transport-independent remote procedure call documentation, which includes a library required by programs in the nfs-utils and rpcbind packages. Security Fix: It was found that due to the way rpcbind uses libtirpc, a memory leak can occur when parsing specially crafted XDR messages. An attacker sending thousands of messages to rpcbind could cause its memory usage to grow without bound, eventually causing it to be terminated by the OOM killer. [ + ]
Mon, 22 May 2017 20:15:52 GMT
Red Hat Security Advisory 2017-1267-01
Red Hat Security Advisory 2017-1267-01 - The rpcbind utility is a server that converts Remote Procedure Call program numbers into universal addresses. It must be running on the host to be able to make RPC calls on a server on that machine. Security Fix: It was found that due to the way rpcbind uses libtirpc, a memory leak can occur when parsing specially crafted XDR messages. An attacker sending thousands of messages to rpcbind could cause its memory usage to grow without bound, eventually causing it to be terminated by the OOM killer. [ + ]
Mon, 22 May 2017 20:15:44 GMT
Red Hat Security Advisory 2017-1262-01
Red Hat Security Advisory 2017-1262-01 - The rpcbind utility is a server that converts Remote Procedure Call program numbers into universal addresses. It must be running on the host to be able to make RPC calls on a server on that machine. Security Fix: It was found that due to the way rpcbind uses libtirpc, a memory leak can occur when parsing specially crafted XDR messages. An attacker sending thousands of messages to rpcbind could cause its memory usage to grow without bound, eventually causing it to be terminated by the OOM killer. [ + ]
Mon, 15 May 2017 14:40:45 GMT
Red Hat Security Advisory 2017-1263-01
Red Hat Security Advisory 2017-1263-01 - The libtirpc packages contain SunLib's implementation of transport-independent remote procedure call documentation, which includes a library required by programs in the nfs-utils and rpcbind packages. Security Fix: It was found that due to the way rpcbind uses libtirpc, a memory leak can occur when parsing specially crafted XDR messages. An attacker sending thousands of messages to rpcbind could cause its memory usage to grow without bound, eventually causing it to be terminated by the OOM killer. [ + ]
Thu, 27 Apr 2017 15:37:16 GMT
FLAC 1.3.2 read_metadata_vorbiscomment_() Memory Leak / DoS
Secunia Research has discovered a vulnerability in FLAC, which can be exploited by malicious people to cause a DoS (Denial of Service). The vulnerability is caused due to an error in the "read_metadata_vorbiscomment_()" function (stream_decoder.c), which can be exploited to cause a memory leak via a specially crafted FLAC file. The vulnerability is confirmed in version 1.3.2. Other versions may also be affected. [ + ]
Thu, 09 Feb 2017 20:22:00 GMT
FreeBSD Security Advisory - FreeBSD-SA-17:04.ipfilter
FreeBSD Security Advisory - ipfilter(4), capable of stateful packet inspection, using the "keep state" or "keep frags" rule options, will not only maintain the state of connections, such as TCP streams or UDP communication, it also maintains the state of fragmented packets. When a packet fragments are received they are cached in a hash table (and linked list). When a fragment is received it is compared with fragments already cached in the hash table for a match. If it does not match the new entry is used to create a new entry in the hash table. If on the other hand it does match, unfortunately the wrong entry is freed, the entry in the hash table. This results in use after free panic (and for a brief moment prior to the panic a memory leak due to the wrong entry being freed). Carefully feeding fragments that are allowed to pass by an ipfilter(4) firewall can be used to cause a panic followed by reboot loop denial of service attack. [ + ]
Fri, 03 Feb 2017 15:52:17 GMT
Ubuntu Security Notice USN-3187-2
Ubuntu Security Notice 3187-2 - Andrey Konovalov discovered that the SCTP implementation in the Linux kernel improperly handled validation of incoming data. A remote attacker could use this to cause a denial of service. It was discovered that multiple memory leaks existed in the XFS implementation in the Linux kernel. A local attacker could use this to cause a denial of service. [ + ]
Thu, 17 Nov 2016 23:52:44 GMT
Ubuntu Security Notice USN-3187-1
Ubuntu Security Notice 3187-1 - Andrey Konovalov discovered that the SCTP implementation in the Linux kernel improperly handled validation of incoming data. A remote attacker could use this to cause a denial of service. It was discovered that multiple memory leaks existed in the XFS implementation in the Linux kernel. A local attacker could use this to cause a denial of service. [ + ]
Thu, 29 Sep 2016 04:29:48 GMT
Red Hat Security Advisory 2016-2802-01
Red Hat Security Advisory 2016-2802-01 - OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength general-purpose cryptography library. Security Fix: A memory leak flaw was found in the way OpenSSL handled TLS status request extension data during session renegotiation. A remote attacker could cause a TLS server using OpenSSL to consume an excessive amount of memory and, possibly, exit unexpectedly after exhausting all available memory, if it enabled OCSP stapling support. [ + ]
Tue, 27 Sep 2016 19:32:00 GMT
Cisco Security Advisory 20160928-smi
Cisco Security Advisory - The Smart Install client feature in Cisco IOS and IOS XE Software contains a vulnerability that could allow an unauthenticated, remote attacker to cause a memory leak and eventual denial of service (DoS) condition on an affected device. The vulnerability is due to incorrect handling of image list parameters. An attacker could exploit this vulnerability by sending crafted Smart Install packets to TCP port 4786. A successful exploit could cause a Cisco Catalyst switch to leak memory and eventually reload, resulting in a DoS condition. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability other than disabling Smart Install functionality on the affected device. [ + ]
Thu, 11 Aug 2016 00:40:23 GMT
Red Hat Security Advisory 2016-1940-01
Red Hat Security Advisory 2016-1940-01 - OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength general-purpose cryptography library. Security Fix: A memory leak flaw was found in the way OpenSSL handled TLS status request extension data during session renegotiation. A remote attacker could cause a TLS server using OpenSSL to consume an excessive amount of memory and, possibly, exit unexpectedly after exhausting all available memory, if it enabled OCSP stapling support. [ + ]
Mon, 11 Apr 2016 22:02:42 GMT
Cisco Security Advisory 20160810-iosxr
Cisco Security Advisory - A vulnerability in the driver processing functions of Cisco IOS XR Software for Cisco ASR 9001 Aggregation Services Routers could allow an unauthenticated, remote attacker to cause a memory leak on the route processor (RP) of an affected device, which could cause the device to drop all control-plane protocols and lead to a denial of service condition (DoS) on a targeted system. The vulnerability is due to improper handling of crafted, fragmented packets that are directed to an affected device. An attacker could exploit this vulnerability by sending crafted, fragmented packets to an affected device for processing and reassembly. A successful exploit could allow the attacker to cause a memory leak on the RP of the device, which could cause the device to drop all control-plane protocols and eventually lead to a DoS condition on the targeted system. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. However, there are mitigations for this vulnerability. [ + ]
Mon, 04 Apr 2016 16:47:28 GMT
Debian Security Advisory 3547-1
Debian Linux Security Advisory 3547-1 - Several vulnerabilities were discovered in Imagemagick, a program suite for image manipulation. This update fixes a large number of potential security problems such as null-pointer access and buffer-overflows that might lead to memory leaks or denial of service. Any of these security problems have a CVE number assigned. [ + ]
Wed, 23 Mar 2016 23:15:15 GMT
Red Hat Security Advisory 2016-0532-01
Red Hat Security Advisory 2016-0532-01 - Kerberos is a network authentication system, which can improve the security of your network by eliminating the insecure practice of sending passwords over the network in unencrypted form. It allows clients and servers to authenticate to each other with the help of a trusted third party, the Kerberos key distribution center. Security Fix: A memory leak flaw was found in the krb5_unparse_name() function of the MIT Kerberos kadmind service. An authenticated attacker could repeatedly send specially crafted requests to the server, which could cause the server to consume large amounts of memory resources, ultimately leading to a denial of service due to memory exhaustion. [ + ]

Cisco Security Advisory 20160323-sip
Cisco Security Advisory - A vulnerability in the Session Initiation Protocol (SIP) gateway implementation in Cisco IOS, IOS XE, and Cisco Unified Communications Manager Software could allow an unauthenticated, remote attacker to cause a memory leak and eventual reload of an affected device. The vulnerability is due to improper processing of malformed SIP messages. An attacker could exploit this vulnerability by sending malformed SIP messages to be processed by an affected device. An exploit could allow the attacker to cause a memory leak and eventual reload of the affected device. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability other than disabling SIP on the vulnerable device. [ + ]
PacketStorm Security

Booking.com B.V. is based in Amsterdam in the Netherlands. Ready for some statistics? Our 1,534,024 properties, including 860,482 holiday rentals, are located in 123,105 destinations in 229 countries and territories, and are supported internationally by 198 offices in 70 countries.
2013 Copyright Techhap.com Mobile version 2015 | PeterLife & company
Skimlinks helps publishers monetize editorial content through automated affiliate links for products. Affiliate programm.
Link at is mandatory if site materials are using fully or particulary.
Were treated to the site administrator, a cup of coffee *https://paypal.me/peterlife
Yandex.ru