This update for wireshark fixes the following issues: Wireshark was updated to 2.2.10, fixing security issues and bugs: * CVE-2017-15191: DMP dissector crash * CVE-2017-15192: BT ATT dissector crash * CVE-2017-15193: MBIM dissector crash
An out-of-bounds write vulnerability was found in purple_markup_unescape_entity. It can be triggered by sending invalid XMLentities separated by whitespace, eg "ஸ". In default installation, this can get called only when receiving data from a server. Fixed In Version pidgin 2.12.0
An out-of-bounds write vulnerability was found in purple_markup_unescape_entity. It can be triggered by sending invalid XML entities separated by whitespace, eg "ஸ". In default installation, this can get called only when receiving data from a server. Fixed In Version: pidgin 2.12.0
pidgin: graphical multi-protocol instant messaging client for X Pidgin could be made to crash or run programs if it received specially crafted network traffic.
pidgin: graphical multi-protocol instant messaging client for X Pidgin could be made to crash or run programs if it received specially crafted network traffic.
CVE-2017-5470: Memory safety bugs CVE-2017-5472: Use-after-free using destroyed node when regenerating trees CVE-2017-7749: Use-after-free during docshell reloading CVE-2017-7750: Use-after-free with track elements CVE-2017-7751: Use-after-free with content viewer listeners CVE-2017-7752: Use-after-free with IME input CVE-2017-7754: Out-of-bounds read in WebGL with ImageInfo object CVE-2017-7756: ...
The gcc packages include C, C++, Java, Fortran, Objective C, and Ada 95 GNU compilers, along with related support libraries. The libgcj package provides fastjar, an archive tool for Java Archive files. Two directory traversal flaws were found in the way fastjar extracted JAR archive files. If a local, unsuspecting user extracted a specially-crafted JAR file, it could cause fastjar to overwrite ar ...
The gcc and gcc4 packages include, among others, C, C++, and Java GNU compilers and related support libraries. libgcj contains a copy of GNU Libtool"s libltdl library. A flaw was found in the way GNU Libtool"s libltdl library looked for libraries to load. It was possible for libltdl to load a malicious library from the current working directory. In certain configurations, if a local attacker is ab ...