CVE-2015-5261 – spice: host memory access from guest using crafted images
https://notcve.org/view.php?id=CVE-2015-5261
Heap-based buffer overflow in SPICE before 0.12.6 allows guest OS users to read and write to arbitrary memory locations on the host via guest QXL commands related to surface creation. Desbordamiento de buffer basado en memoria dinámica en SPICE en versiones anteriores a 0.12.6 permite a usuarios invitados del SO leer y escribir en localizaciones de memoria arbitrarias en el anfitrión a través de comandos QXL de invitado relacionados con la creación de superficie. A heap-based buffer overflow flaw was found in the way SPICE handled certain guest QXL commands related to surface creation. A user in a guest could use this flaw to read and write arbitrary memory locations on the host. • http://lists.freedesktop.org/archives/spice-devel/2015-October/022191.html http://rhn.redhat.com/errata/RHSA-2015-1889.html http://rhn.redhat.com/errata/RHSA-2015-1890.html http://www.debian.org/security/2015/dsa-3371 http://www.openwall.com/lists/oss-security/2015/10/06/4 http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html http://www.securitytracker.com/id/1033753 http://www.ubuntu.com/usn/USN-2766-1 https://bugzilla.redhat.com/show_bug • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2015-3149 – OpenJDK8: insecure hsperfdata temporary file handling, CVE-2015-0383 regression (Hotspot)
https://notcve.org/view.php?id=CVE-2015-3149
The Hotspot component in OpenJDK8 as packaged in Red Hat Enterprise Linux 6 and 7 allows local users to write to arbitrary files via a symlink attack. El componente Hotspot en OpenJDK8, como empaquetado en Red Hat Enterprise Linux versión 6 y 7, permite a los usuarios locales escribir en archivos arbitrarios mediante un ataque de enlace simbólico. • http://rhn.redhat.com/errata/RHSA-2015-1228.html http://www.securityfocus.com/bid/75933 https://bugzilla.redhat.com/show_bug.cgi?id=1213365 https://access.redhat.com/security/cve/CVE-2015-3149 • CWE-59: Improper Link Resolution Before File Access ('Link Following') CWE-377: Insecure Temporary File •
CVE-2015-4603 – php: exception:: getTraceAsString type confusion issue after unserialize
https://notcve.org/view.php?id=CVE-2015-4603
The exception::getTraceAsString function in Zend/zend_exceptions.c in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 allows remote attackers to execute arbitrary code via an unexpected data type, related to a "type confusion" issue. La función exception::getTraceAsString en Zend/zend_exceptions.c en PHP en versiones anteriores a 5.4.40, 5.5.x en versiones anteriores a 5.5.24 y 5.6.x en versiones anteriores a 5.6.8 permite a atacantes remotos ejecutar código arbitrario a través de un tipo de dato no esperado, relacionado con un caso "type confusion" . A flaw was discovered in the way PHP performed object unserialization. Specially crafted input processed by the unserialize() function could cause a PHP application to crash or, possibly, execute arbitrary code. • http://php.net/ChangeLog-5.php http://rhn.redhat.com/errata/RHSA-2015-1135.html http://rhn.redhat.com/errata/RHSA-2015-1186.html http://rhn.redhat.com/errata/RHSA-2015-1187.html http://rhn.redhat.com/errata/RHSA-2015-1218.html http://www.openwall.com/lists/oss-security/2015/06/16/12 http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html http://www.securityfocus.com/bid/75252 http://www.securitytracker.com/id/1032709 https://bugs.php. • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVE-2015-4604 – php: denial of service when processing a crafted file with Fileinfo
https://notcve.org/view.php?id=CVE-2015-4604
The mget function in softmagic.c in file 5.x, as used in the Fileinfo component in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8, does not properly maintain a certain pointer relationship, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted string that is mishandled by a "Python script text executable" rule. La función mget en softmagic.c en file 5.x, tal como se utiliza en el componente Fileinfo en PHP en versiones anteriores a 5.4.40, 5.5.x en versiones anteriores a 5.5.24 y 5.6.x en versiones anteriores a 5.6.8, no mantiene correctamente una cierta relación de puntero, lo que permite a atacantes remotos provocar una denegación de servicio (caída de aplicación) o posiblemente ejecutar código arbitrario a traves de una cadena manipulada que no es manejada correctamente por una regla "secuencia de comandos de texto ejecutable de Python". • http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=f938112c495b0d26572435c0be73ac0bfe642ecd http://php.net/ChangeLog-5.php http://rhn.redhat.com/errata/RHSA-2015-1135.html http://rhn.redhat.com/errata/RHSA-2015-1186.html http://rhn.redhat.com/errata/RHSA-2015-1187.html http://www.openwall.com/lists/oss-security/2015/06/16/12 http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html http://www.securityfocus.com/bid/75241 http://www.securitytracker.com/id • CWE-20: Improper Input Validation •
CVE-2015-4605 – php: denial of service when processing a crafted file with Fileinfo
https://notcve.org/view.php?id=CVE-2015-4605
The mcopy function in softmagic.c in file 5.x, as used in the Fileinfo component in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8, does not properly restrict a certain offset value, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted string that is mishandled by a "Python script text executable" rule. La función mcopy en softmagic.c en file 5.x, tal como se utiliza en el componente Fileinfo en PHP en versiones anteriores a 5.4.40, 5.5.x en versiones anteriores a 5.5.24 y 5.6.x en versiones anteriores a 5.6.8, no restringe correctamente un cierto valor de desplazamiento, lo que permite a atacantes remotos provocar una denegación de servicio (caída de aplicación) o posiblemente ejecutar código arbitrario a través de una cadena manipulada que no es manejada correctamente por una regla "secuencia de comandos de texto ejecutable de Python". • http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=f938112c495b0d26572435c0be73ac0bfe642ecd http://php.net/ChangeLog-5.php http://rhn.redhat.com/errata/RHSA-2015-1135.html http://rhn.redhat.com/errata/RHSA-2015-1186.html http://rhn.redhat.com/errata/RHSA-2015-1187.html http://www.openwall.com/lists/oss-security/2015/06/16/12 http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html http://www.securityfocus.com/bid/75233 http://www.securitytracker.com/id • CWE-20: Improper Input Validation •