Synopsis
Important: Red Hat JBoss Core Services Apache HTTP Server 2429 security update
Type/Severity
Security Advisory: Important
Topic
Red Hat JBoss Core Services Pack Apache Server 2429 packages for Microsoft Windows and Oracle Solaris are now availableRed Hat Product Security has rated this release ...
Synopsis
Moderate: httpd24 security, bug fix, and enhancement update
Type/Severity
Security Advisory: Moderate
Topic
An update for httpd24-httpd, httpd24-nghttp2, and httpd24-curl is now available for Red Hat Software CollectionsRed Hat Product Security has rated this update as having a security impact of ...
This build resolves the following issues:
CVE-2016-8615: Cookie injection for other serversCVE-2016-8616: Case insensitive password comparisonCVE-2016-8617: Out-of-bounds write via unchecked multiplicationCVE-2016-8618: Double-free in curl_maprintfCVE-2016-8619: Double-free in krb5 codeCVE-2016-8620: Glob parser write/read out of boundsCVE-2016-862 ...
In curl's implementation of the Kerberos authentication mechanism, the function read_data() in securityc is used to fill the necessary krb5 structures When reading one of the length fields from the socket, it fails to ensure that the length parameter passed to realloc() is not set to 0
This would lead to realloc() getting called with a zero siz ...
LCE 481 is possibly impacted by multiple vulnerabilities reported in third-party libraries Tenable has not investigated each one to determine if it is exploitable or the vulnerable code path can be reached Instead, Dev has upgraded the impacted libraries as a faster and safer alternative Due to the number of library upgrades and the potential ...