From owner-svn-ports-all@freebsd.org Wed Jun 1 22:54:15 2016 Return-Path: Delivered-To: svn-ports-all@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id B4E65B64270; Wed, 1 Jun 2016 22:54:15 +0000 (UTC) (envelope-from zi@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 52882184C; Wed, 1 Jun 2016 22:54:15 +0000 (UTC) (envelope-from zi@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id u51MsEcZ075364; Wed, 1 Jun 2016 22:54:14 GMT (envelope-from zi@FreeBSD.org) Received: (from zi@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id u51MsEat075363; Wed, 1 Jun 2016 22:54:14 GMT (envelope-from zi@FreeBSD.org) Message-Id: <201606012254.u51MsEat075363@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: zi set sender to zi@FreeBSD.org using -f 
From: Ryan Steinmetz Date: Wed, 1 Jun 2016 22:54:14 +0000 (UTC) To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-branches@freebsd.org Subject: svn commit: r416262 - branches/2016Q2/security/vuxml X-SVN-Group: ports-branches MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-ports-all@freebsd.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: SVN commit messages for the ports tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 01 Jun 2016 22:54:15 -0000 Author: zi Date: Wed Jun 1 22:54:14 2016 New Revision: 416262 URL: https://svnweb.freebsd.org/changeset/ports/416262 Log: MFH: r416260 - Get vuln.xml in sync with head Approved by: ports-secteam (me) Modified: branches/2016Q2/security/vuxml/vuln.xml Directory Properties: branches/2016Q2/ (props changed) Modified: branches/2016Q2/security/vuxml/vuln.xml ============================================================================== --- branches/2016Q2/security/vuxml/vuln.xml Wed Jun 1 22:50:28 2016 (r416261) +++ branches/2016Q2/security/vuxml/vuln.xml Wed Jun 1 22:54:14 2016 (r416262) @@ -58,6 +58,2391 @@ Notes: * Do not forget port variants (linux-f10-libxml2, libxml2, etc.) --> + + h2o -- use after free on premature connection close + + + h2o + 1.7.3 + + + + +

Tim Newsha reports:

+
+

When H2O tries to disconnect a premature HTTP/2 connection, it + calls free(3) to release memory allocated for the connection and + immediately after then touches the memory. No malloc-related + operation is performed by the same thread between the time it calls + free and the time the memory is touched. Fixed by Frederik + Deweerdt.

+
+ +
+ + https://h2o.examp1e.net/vulnerabilities.html + + + 2016-05-17 + 2016-06-01 + +
+ + + nginx -- a specially crafted request might result in worker process crash + + + nginx + 1.4.01.10.1 + + + nginx-devel + 1.3.91.11.1 + + + + +

Maxim Dounin reports:

+
+

A problem was identified in nginx code responsible for saving + client request body to a temporary file. A specially crafted + request might result in worker process crash due to a NULL + pointer dereference while writing client request body to a + temporary file.

+
+ +
+ + http://mailman.nginx.org/pipermail/nginx-announce/2016/000179.html + CVE-2016-4450 + + + 2016-05-31 + 2016-05-31 + +
+ + + cacti -- multiple vulnerabilities + + + cacti + 0.8.8h + + + + +

The Cacti Group, Inc. reports:

+
+

Changelog

+
    +
  • bug:0002667: Cacti SQL Injection Vulnerability
  • +
  • bug:0002673: CVE-2016-3659 - Cacti graph_view.php SQL Injection + Vulnerability
  • +
  • bug:0002656: Authentication using web authentication as a user + not in the cacti database allows complete access (regression)
  • +
+
+ +
+ + CVE-2016-3659 + http://www.cacti.net/release_notes_0_8_8h.php + http://bugs.cacti.net/view.php?id=2673 + http://seclists.org/fulldisclosure/2016/Apr/4 + http://packetstormsecurity.com/files/136547/Cacti-0.8.8g-SQL-Injection.html + + + 2016-04-04 + 2016-05-28 + +
+ + + openvswitch -- MPLS buffer overflow + + + openvswitch + 2.3.2_1 + + + + +

Open vSwitch reports:

+
+

Multiple versions of Open vSwitch are vulnerable to remote buffer + overflow attacks, in which crafted MPLS packets could overflow the + buffer reserved for MPLS labels in an OVS internal data structure. + The MPLS packets that trigger the vulnerability and the potential for + exploitation vary depending on version:

+

Open vSwitch 2.1.x and earlier are not vulnerable.

+

In Open vSwitch 2.2.x and 2.3.x, the MPLS buffer overflow can be + exploited for arbitrary remote code execution.

+

In Open vSwitch 2.4.x, the MPLS buffer overflow does not obviously lead + to a remote code execution exploit, but testing shows that it can allow a + remote denial of service. See the mitigation section for details.

+

Open vSwitch 2.5.x is not vulnerable.

+
+ +
+ + CVE-2016-2074 + + + 2016-03-28 + 2016-05-29 + +
+ + + chromium -- multiple vulnerabilities + + + chromium + chromium-npapi + chromium-pulse + 51.0.2704.63 + + + + +

Google Chrome Releases reports:

+
+

42 security fixes in this release, including:

+
    +
  • [590118] High CVE-2016-1672: Cross-origin bypass in extension + bindings. Credit to Mariusz Mlynski.
  • +
  • [597532] High CVE-2016-1673: Cross-origin bypass in Blink. + Credit to Mariusz Mlynski.
  • +
  • [598165] High CVE-2016-1674: Cross-origin bypass in extensions.i + Credit to Mariusz Mlynski.
  • +
  • [600182] High CVE-2016-1675: Cross-origin bypass in Blink. + Credit to Mariusz Mlynski.
  • +
  • [604901] High CVE-2016-1676: Cross-origin bypass in extension + bindings. Credit to Rob Wu.
  • +
  • [602970] Medium CVE-2016-1677: Type confusion in V8. Credit to + Guang Gong of Qihoo 360.
  • +
  • [595259] High CVE-2016-1678: Heap overflow in V8. Credit to + Christian Holler.
  • +
  • [606390] High CVE-2016-1679: Heap use-after-free in V8 + bindings. Credit to Rob Wu.
  • +
  • [589848] High CVE-2016-1680: Heap use-after-free in Skia. + Credit to Atte Kettunen of OUSPG.
  • +
  • [613160] High CVE-2016-1681: Heap overflow in PDFium. Credit to + Aleksandar Nikolic of Cisco Talos.
  • +
  • [579801] Medium CVE-2016-1682: CSP bypass for ServiceWorker. + Credit to KingstonTime.
  • +
  • [583156] Medium CVE-2016-1683: Out-of-bounds access in libxslt. + Credit to Nicolas Gregoire.
  • +
  • [583171] Medium CVE-2016-1684: Integer overflow in libxslt. + Credit to Nicolas Gregoire.
  • +
  • [601362] Medium CVE-2016-1685: Out-of-bounds read in PDFium. + Credit to Ke Liu of Tencent's Xuanwu LAB.
  • +
  • [603518] Medium CVE-2016-1686: Out-of-bounds read in PDFium. + Credit to Ke Liu of Tencent's Xuanwu LAB.
  • +
  • [603748] Medium CVE-2016-1687: Information leak in extensions. + Credit to Rob Wu.
  • +
  • [604897] Medium CVE-2016-1688: Out-of-bounds read in V8. + Credit to Max Korenko.
  • +
  • [606185] Medium CVE-2016-1689: Heap buffer overflow in media. + Credit to Atte Kettunen of OUSPG.
  • +
  • [608100] Medium CVE-2016-1690: Heap use-after-free in Autofill. + Credit to Rob Wu.
  • +
  • [597926] Low CVE-2016-1691: Heap buffer-overflow in Skia. + Credit to Atte Kettunen of OUSPG.
  • +
  • [598077] Low CVE-2016-1692: Limited cross-origin bypass in + ServiceWorker. Credit to Til Jasper Ullrich.
  • +
  • [598752] Low CVE-2016-1693: HTTP Download of Software Removal + Tool. Credit to Khalil Zhani.
  • +
  • [603682] Low CVE-2016-1694: HPKP pins removed on cache + clearance. Credit to Ryan Lester and Bryant Zadegan.
  • +
  • [614767] CVE-2016-1695: Various fixes from internal audits, + fuzzing and other initiatives.
  • +
+
+ +
+ + CVE-2016-1672 + CVE-2016-1673 + CVE-2016-1674 + CVE-2016-1675 + CVE-2016-1672 + CVE-2016-1677 + CVE-2016-1678 + CVE-2016-1679 + CVE-2016-1680 + CVE-2016-1681 + CVE-2016-1682 + CVE-2016-1683 + CVE-2016-1684 + CVE-2016-1685 + CVE-2016-1686 + CVE-2016-1687 + CVE-2016-1688 + CVE-2016-1689 + CVE-2016-1690 + CVE-2016-1691 + CVE-2016-1692 + CVE-2016-1693 + CVE-2016-1694 + CVE-2016-1695 + http://googlechromereleases.blogspot.nl/2016/05/stable-channel-update_25.html + + + 2016-05-25 + 2016-05-28 + +
+ + + chromium -- multiple vulnerabilities + + + chromium + chromium-npapi + chromium-pulse + 50.0.2661.102 + + + + +

Google Chrome Releases reports:

+
+

5 security fixes in this release, including:

+
    +
  • [605766] High CVE-2016-1667: Same origin bypass in DOM. Credit + to Mariusz Mlynski.
  • +
  • [605910] High CVE-2016-1668: Same origin bypass in Blink V8 + bindings. Credit to Mariusz Mlynski.
  • +
  • [606115] High CVE-2016-1669: Buffer overflow in V8. Credit to + Choongwoo Han.
  • +
  • [578882] Medium CVE-2016-1670: Race condition in loader. Credit + to anonymous.
  • +
  • [586657] Medium CVE-2016-1671: Directory traversal using the + file scheme on Android. Credit to Jann Horn.
  • +
+
+ +
+ + CVE-2016-1667 + CVE-2016-1668 + CVE-2016-1669 + CVE-2016-1670 + CVE-2016-1671 + http://googlechromereleases.blogspot.nl/2016/05/stable-channel-update.html + + + 2016-05-11 + 2016-05-28 + +
+ + + chromium -- multiple vulnerablities + + + chromium + chromium-npapi + chromium-pulse + 50.0.2661.94 + + + + +

Google Chrome Releases reports:

+
+

9 security fixes in this release, including:

+
    +
  • [574802] High CVE-2016-1660: Out-of-bounds write in Blink. + Credit to Atte Kettunen of OUSPG.
  • +
  • [601629] High CVE-2016-1661: Memory corruption in cross-process + frames. Credit to Wadih Matar.
  • +
  • [603732] High CVE-2016-1662: Use-after-free in extensions. + Credit to Rob Wu.
  • +
  • [603987] High CVE-2016-1663: Use-after-free in Blink's V8 + bindings. Credit to anonymous.
  • +
  • [597322] Medium CVE-2016-1664: Address bar spoofing. Credit to + Wadih Matar.
  • +
  • [606181] Medium CVE-2016-1665: Information leak in V8. Credit + to HyungSeok Han.
  • +
  • [607652] CVE-2016-1666: Various fixes from internal audits, + fuzzing and other initiatives.
  • +
+
+ +
+ + CVE-2016-1660 + CVE-2016-1661 + CVE-2016-1662 + CVE-2016-1663 + CVE-2016-1664 + CVE-2016-1665 + CVE-2016-1666 + http://googlechromereleases.blogspot.nl/2016/04/stable-channel-update_28.html + + + 2016-04-28 + 2016-05-28 + +
+ + + php -- multiple vulnerabilities + + + php70-gd + php70-intl + 7.0.7 + + + php56 + php56-gd + 5.6.22 + + + php55 + php55-gd + php55-phar + 5.5.36 + + + + +

The PHP Group reports:

+
+
  • Core: +
      +
    • Fixed bug #72114 (Integer underflow / arbitrary null write in + fread/gzread). (CVE-2016-5096) (PHP 5.5/5.6 only)
    • +
    • Fixed bug #72135 (Integer Overflow in php_html_entities). + (CVE-2016-5094) (PHP 5.5/5.6 only)
    • +
  • +
  • GD: +
      +
    • Fixed bug #72227 (imagescale out-of-bounds read). + (CVE-2013-7456)
    • +
  • +
  • Intl: +
      +
    • Fixed bug #72241 (get_icu_value_internal out-of-bounds read). + (CVE-2016-5093)
    • +
  • +
  • Phar: +
      +
    • Fixed bug #71331 (Uninitialized pointer in + phar_make_dirstream()). (CVE-2016-4343) (PHP 5.5 only)
    • +
  • +
+
+ +
+ + CVE-2016-5096 + CVE-2016-5094 + CVE-2013-7456 + CVE-2016-5093 + CVE-2016-4343 + ports/209779 + http://php.net/ChangeLog-7.php#7.0.7 + http://php.net/ChangeLog-5.php#5.6.22 + http://php.net/ChangeLog-5.php#5.5.36 + + + 2016-05-26 + 2016-05-28 + +
+ + + phpmyadmin -- XSS and sensitive data leakage + + + phpmyadmin + 4.6.04.6.2 + + + + +

The phpmyadmin development team reports:

+
+

Description

+

Because user SQL queries are part of the URL, sensitive + information made as part of a user query can be exposed by + clicking on external links to attackers monitoring user GET + query parameters or included in the webserver logs.

+

Severity

+

We consider this to be non-critical.

+
+
+

Description

+

A specially crafted attack could allow for special HTML + characters to be passed as URL encoded values and displayed + back as special characters in the page.

+

Severity

+

We consider this to be non-critical.

+
+ +
+ + https://www.phpmyadmin.net/security/PMASA-2016-14/ + https://www.phpmyadmin.net/security/PMASA-2016-16/ + CVE-2016-5097 + CVE-2016-5099 + + + 2016-05-25 + 2016-05-25 + 2016-05-26 + +
+ + + mediawiki -- multiple vulnerabilities + + + mediawiki123 + 1.23.14 + + + mediawiki124 + 1.24.6 + + + mediawiki125 + 1.25.6 + + + mediawiki126 + 1.26.3 + + + + +

Mediawiki reports:

+
+

Security fixes:

+

T122056: Old tokens are remaining valid within a new session

+

T127114: Login throttle can be tricked using non-canonicalized + usernames

+

T123653: Cross-domain policy regexp is too narrow

+

T123071: Incorrectly identifying http link in a's href + attributes, due to m modifier in regex

+

T129506: MediaWiki:Gadget-popups.js isn't renderable

+

T125283: Users occasionally logged in as different users after + SessionManager deployment

+

T103239: Patrol allows click catching and patrolling of any + page

+

T122807: [tracking] Check php crypto primatives

+

T98313: Graphs can leak tokens, leading to CSRF

+

T130947: Diff generation should use PoolCounter

+

T133507: Careless use of $wgExternalLinkTarget is insecure

+

T132874: API action=move is not rate limited

+
+ +
+ + https://lists.wikimedia.org/pipermail/mediawiki-announce/2016-May/000188.html + + + 2016-05-20 + 2016-05-24 + +
+ + + wpa_supplicant -- psk configuration parameter update allowing arbitrary data to be written + + + wpa_supplicant + 2.5_2 + + + + +

Jouni Malinen reports:

+
+

psk configuration parameter update allowing arbitrary data to be + written (2016-1 - CVE-2016-4476/CVE-2016-4477).

+
+ +
+ + CVE-2016-4476 + CVE-2016-4477 + /ports/209564 + http://w1.fi/security/2016-1/psk-parameter-config-update.txt + + + 2016-05-02 + 2016-05-20 + +
+ + + expat -- denial of service vulnerability on malformed input + + + expat + 2.1.1 + + + + +

Gustavo Grieco reports:

+
+

The Expat XML parser mishandles certain kinds of malformed input + documents, resulting in buffer overflows during processing and error + reporting. The overflows can manifest as a segmentation fault or as + memory corruption during a parse operation. The bugs allow for a + denial of service attack in many applications by an unauthenticated + attacker, and could conceivably result in remote code execution.

+
+ +
+ + CVE-2016-0718 + ports/209360 + http://www.openwall.com/lists/oss-security/2016/05/17/12 + + + 2016-05-17 + 2016-05-20 + +
+ + + Bugzilla security issues + + + bugzilla44 + 4.4.12 + + + bugzilla50 + 5.0.3 + + + + +

Bugzilla Security Advisory

+
+

A specially crafted bug summary could trigger XSS in dependency graphs. + Due to an incorrect parsing of the image map generated by the dot script, + a specially crafted bug summary could trigger XSS in dependency graphs.

+
+ +
+ + CVE-2016-2803 + https://bugzilla.mozilla.org/show_bug.cgi?id=1253263 + + + 2016-03-03 + 2016-05-17 + +
+ + + OpenVPN -- Buffer overflow in PAM authentication and DoS through port sharing + + + openvpn + 2.3.11 + + + openvpn-polarssl + 2.3.11 + + + + +

Samuli Seppänen reports:

+
+

OpenVPN 2.3.11 [...] fixes two vulnerabilities: a port-share bug + with DoS potential and a buffer overflow by user supplied data when + using pam authentication.[...]

+
+ +
+ + https://sourceforge.net/p/openvpn/mailman/message/35076507/ + https://community.openvpn.net/openvpn/wiki/ChangesInOpenvpn23#OpenVPN2.3.11 + + + 2016-03-03 + 2016-05-14 + +
+ + + imagemagick -- buffer overflow + + + ImageMagick + ImageMagick-nox11 + 6.9.4.1,1 + + + ImageMagick7 + ImageMagick7-nox11 + 7.0.0.0.b201507157.0.1.3 + + + + +

ImageMagick reports:

+
+

Fix a buffer overflow in magick/drag.c/DrawStrokePolygon().

+
+ +
+ + http://legacy.imagemagick.org/script/changelog.php + + + 2016-05-09 + 2016-05-13 + +
+ + + jenkins -- multiple vulnerabilities + + + jenkins + 2.2 + + + jenkins2 + 2.2 + + + jenkins-lts + 1.651.1 + + + + +

Jenkins Security Advisory:

+
+

Description

+
SECURITY-170 / CVE-2016-3721
+

Arbitrary build parameters are passed to build scripts as environment variables

+
SECURITY-243 / CVE-2016-3722
+

Malicious users with multiple user accounts can prevent other users from logging in

+
SECURITY-250 / CVE-2016-3723
+

Information on installed plugins exposed via API

+
SECURITY-266 / CVE-2016-3724
+

Encrypted secrets (e.g. passwords) were leaked to users with permission to read configuration

+
SECURITY-273 / CVE-2016-3725
+

Regular users can trigger download of update site metadata

+
SECURITY-276 / CVE-2016-3726
+

Open redirect to scheme-relative URLs

+
SECURITY-281 / CVE-2016-3727
+

Granting the permission to read node configurations allows access to overall system configuration

+
+ +
+ + CVE-2016-3721 + CVE-2016-3722 + CVE-2016-3723 + CVE-2016-3724 + CVE-2016-3725 + CVE-2016-3726 + CVE-2016-3727 + https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-05-11 + + + 2016-05-11 + 2016-05-12 + +
+ + + perl5 -- taint mechanism bypass vulnerability + + + perl5 + 5.18.4_21 + 5.20.05.20.3_12 + 5.22.05.22.1_8 + + + perl5.18 + 5.18.05.18.4_21 + + + perl5.20 + 5.20.05.20.3_12 + + + perl5.22 + 5.22.05.22.1_8 + + + + +

MITRE reports:

+
+

Perl might allow context-dependent attackers to bypass the taint + protection mechanism in a child process via duplicate environment + variables in envp.

+
+ +
+ + CVE-2016-2381 + ports/208879 + + + 2016-04-08 + 2016-05-10 + +
+ + + wordpress -- multiple vulnerabilities + + + wordpress + 4.5.2,1 + + + de-wordpress + ja-wordpress + ru-wordpress + zh-wordpress-zh_CN + zh-wordpress-zh_TW + 4.5.2 + + + + +

Helen Hou-Sandi reports:

+
+

WordPress 4.5.2 is now available. This is a security release for + all previous versions and we strongly encourage you to update your + sites immediately.

+

WordPress versions 4.5.1 and earlier are affected by a SOME + vulnerability through Plupload, the third-party library WordPress + uses for uploading files. WordPress versions 4.2 through 4.5.1 are + vulnerable to reflected XSS using specially crafted URIs through + MediaElement.js, the third-party library used for media players. + MediaElement.js and Plupload have also released updates fixing + these issues.

+
+ +
+ + CVE-2016-4566 + CVE-2016-4567 + https://wordpress.org/news/2016/05/wordpress-4-5-2/ + http://www.openwall.com/lists/oss-security/2016/05/07/7 + + + 2016-05-06 + 2016-05-10 + +
+ + + libarchive -- RCE vulnerability + + + libarchive + 3.2.0,1 + + + + +

The libarchive project reports:

+
+

Heap-based buffer overflow in the zip_read_mac_metadata function + in archive_read_support_format_zip.c in libarchive before 3.2.0 + allows remote attackers to execute arbitrary code via crafted + entry-size values in a ZIP archive.

+
+ +
+ + CVE-2016-1541 + https://github.com/libarchive/libarchive/commit/d0331e8e5b05b475f20b1f3101fe1ad772d7e7e7 + + + 2016-05-01 + 2016-05-09 + 2016-05-10 + +
+ + + squid -- multiple vulnerabilities + + + squid + 3.0.03.5.18 + + + squid-devel + 4.0.04.0.10 + + + + +

The squid development team reports:

+
+
+
Problem Description:
+
Due to incorrect data validation of intercepted HTTP + Request messages Squid is vulnerable to clients bypassing + the protection against CVE-2009-0801 related issues. This + leads to cache poisoning.
+
Severity:
+
This problem is serious because it allows any client, + including browser scripts, to bypass local security and + poison the proxy cache and any downstream caches with + content from an arbitrary source.
+
+
+
+
+
Problem Description:
+
Due to incorrect input validation Squid is vulnerable + to a header smuggling attack leading to cache poisoning + and to bypass of same-origin security policy in Squid and + some client browsers.
+
Severity:
+
This problem allows a client to smuggle Host header + value past same-origin security protections to cause Squid + operating as interception or reverse-proxy to contact the + wrong origin server. Also poisoning any downstream cache + which stores the response.
+
However, the cache poisoning is only possible if the + caching agent (browser or explicit/forward proxy) is not + following RFC 7230 processing guidelines and lets the + smuggled value through.
+
+
+
+
+
Problem Description:
+
Due to incorrect pointer handling and reference + counting Squid is vulnerable to a denial of service attack + when processing ESI responses.
+
Severity:
+
These problems allow a remote server delivering + certain ESI response syntax to trigger a denial of service + for all clients accessing the Squid service.
+
Due to unrelated changes Squid-3.5 has become + vulnerable to some regular ESI server responses also + triggering one or more of these issues.
+
+
+ +
+ + CVE-2016-4553 + CVE-2016-4554 + CVE-2016-4555 + CVE-2016-4556 + http://www.squid-cache.org/Advisories/SQUID-2016_7.txt + http://www.squid-cache.org/Advisories/SQUID-2016_8.txt + http://www.squid-cache.org/Advisories/SQUID-2016_9.txt + + + 2016-05-06 + 2016-05-07 + 2016-05-09 + +
+ + + ImageMagick -- multiple vulnerabilities + + + ImageMagick + ImageMagick-nox11 + 6.9.3.9_1,1 + + + ImageMagick7 + ImageMagick7-nox11 + 7.0.0.0.b201507157.0.1.0_1 + + + + +

Openwall reports:

+
+

Insufficient filtering for filename passed to delegate's command + allows remote code execution during conversion of several file + formats. Any service which uses ImageMagick to process user + supplied images and uses default delegates.xml / policy.xml, + may be vulnerable to this issue.

+

It is possible to make ImageMagick perform a HTTP GET or FTP + request

+

It is possible to delete files by using ImageMagick's 'ephemeral' + pseudo protocol which deletes files after reading.

+

It is possible to move image files to file with any extension + in any folder by using ImageMagick's 'msl' pseudo protocol. + msl.txt and image.gif should exist in known location - /tmp/ + for PoC (in real life it may be web service written in PHP, + which allows to upload raw txt files and process images with + ImageMagick).

+

It is possible to get content of the files from the server + by using ImageMagick's 'label' pseudo protocol.

+
+ +
+ + CVE-2016-3714 + CVE-2016-3715 + CVE-2016-3716 + CVE-2016-3717 + CVE-2016-3718 + http://www.openwall.com/lists/oss-security/2016/05/03/18 + https://imagetragick.com/ + + + 2016-05-03 + 2016-05-06 + 2016-05-07 + +
+ + + jansson -- local denial of service vulnerabilities + + + jansson + 2.7_2 + + + + +

QuickFuzz reports:

+
+

A crash caused by stack exhaustion parsing a JSON was found.

+
+ +
+ + http://www.openwall.com/lists/oss-security/2016/05/01/5 + http://www.openwall.com/lists/oss-security/2016/05/02/1 + CVE-2016-4425 + + + 2016-05-01 + 2016-05-04 + +
+ + + OpenSSL -- multiple vulnerabilities + + + openssl + 1.0.2_11 + + + linux-c6-openssl + 1.0.1e_8 + *** DIFF OUTPUT TRUNCATED AT 1000 LINES ***
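Review bot: the reference list of the chromium 51.0.2704.63 entry is out of step with its own description: CVE-2016-1672 appears twice in the cvename references while CVE-2016-1676 (the [604901] extension bindings cross-origin bypass credited to Rob Wu in the body text) is missing, so the second `CVE-2016-1672` reference should read `CVE-2016-1676` before this is merged. Smaller data-quality points in the same hunk: the wpa_supplicant entry references `/ports/209564` with a leading slash, unlike the `ports/209360`, `ports/209779` and `ports/208879` references used elsewhere in the file, so the slash should be dropped for consistency; the chromium 50.0.2661.94 topic is spelled "multiple vulnerablities" (missing i); and the CVE-2016-1674 description line carries a stray character in "extensions.i". Since this is an MFH of r416260, these corrections belong in head first and then a follow-up merge to the 2016Q2 branch.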