Google Security Team
png_check_keyword(), caused by writing overlong keywords to a PNG
file (CVE-2008-5907).
* A memory corruption issue, caused by an incorrect handling of an
out of memory condition has been reported by Tavis Ormandy of the
Google Security Team. That vulnerability affects direct uses of
png_read_png(), pCAL chunk and 16-bit gamma table handling
(CVE-2009-0040).
Impact
======
Problem type : local (remote)
Debian-specific: no
CVE Ids : CVE-2007-1659 CVE-2007-1660 CVE-2007-1661 CVE-2007-1662
CVE-2007-4766 CVE-2007-4767 CVE-2007-4768
Tavis Ormandy of the Google Security Team has discovered several
security issues in PCRE, the Perl-Compatible Regular Expression library,
which potentially allow attackers to execute arbitrary code by compiling
specially crafted regular expressions.
Version 7.0 of the PCRE library featured a major rewrite of the regular
Affected: Corporate 3.0, Multi Network Firewall 2.0
_______________________________________________________________________
Problem Description:
Multiple integer overflows were reported by the Google Security Team
that had been fixed in Python 2.5.2 (CVE-2008-3143).
The Python packages on Corporate 3 have been updated to the latest
version 2.3.7, which corrects this issue.
_______________________________________________________________________
1 dev-lang/perl < 5.8.8-r4 >= 5.8.8-r4
Description
===========
Tavis Ormandy and Will Drewry (Google Security Team) discovered a
heap-based buffer overflow in the Regular Expression engine (regcomp.c)
that occurs when switching from byte to Unicode (UTF-8) characters in a
regular expression.
Impact
Lasso >= 2.2.2
ZXID N/A
Credit: Google Security Team (for the original OpenSSL issue).
CVE: CVE-2008-5077 (OpenSSL),
CVE-2009-0021 (NTP),
CVE-2009-0025 (BIND)
overflows in a number of core modules (CVE-2008-2315).
Justin Ferguson reported multiple buffer overflows in unicode string
processing that affected 32bit systems (CVE-2008-3142).
Multiple integer overflows were reported by the Google Security Team
that had been fixed in Python 2.5.2 (CVE-2008-3143).
Justin Ferguson reported a number of integer overflows and underflows
in the PyOS_vsnprintf() function, as well as an off-by-one error
when passing zero-length strings, that led to memory corruption
Affected: 2007.0, 2007.1, 2008.0, Corporate 3.0, Corporate 4.0
_______________________________________________________________________
Problem Description:
A denial of service flaw was discovered by the Google Security Team
in the way libxml2 processes malformed XML content. This flaw could
cause the application to stop responding.
The updated packages have been patched to correct this issue.
_______________________________________________________________________
Multi Network Firewall 2.0
_______________________________________________________________________
Problem Description:
Tavis Ormandy of the Google Security Team discovered a flaw in how
libpng handles zero-length unknown chunks in PNG files, which could
lead to memory corruption in applications that make use of certain
functions (CVE-2008-1382).
The updated packages have been patched to correct this issue.
Multi Network Firewall 2.0
_______________________________________________________________________
Problem Description:
Will Drewry of the Google Security Team reported several
vulnerabilities in how libvorbis processed audio data. An attacker
could create a carefully crafted OGG audio file in such a way that it
would cause an application linked to libvorbis to crash or possibly
execute arbitrary code when opened (CVE-2008-1419, CVE-2008-1420,
CVE-2008-1423).
Fixed version:
libxslt, N/A
Credit: vulnerability report and PoC code received from Chris Evans
<scarybeasts [at] gmail [dot] com>, Google Security Team.
CVE: CVE-2008-2935
Timeline:
2008-07-03: vulnerability report received
Problem Description:
A vulnerability has been found and corrected in pulseaudio:
Tavis Ormandy and Julien Tinnes of the Google Security Team discovered
that pulseaudio, when installed setuid root, does not drop privileges
before re-executing itself to achieve immediate bindings. This can
be exploited by a user who has write access to any directory on the
file system containing /usr/bin to gain local root access. The user
needs to exploit a race condition related to creating a hard link
xine-lib >= 1.1.15 [*]
* - see analysis text for more detail on fixes
Credit: Will Drewry, oCERT Team | Google Security Team.
CVE: TBD
Timeline:
2008-04-30: vendor contacts oCERT asking patch analysis
Attack Feasibility: run-time
Attack Vector: remote network
Attack Impact: arbitrary code execution
Description:
Will Drewry and Tavis Ormandy of the Google Security Team have
discovered a UTF-8 related heap overflow in the regular expression
compiler of the Perl [0] programming language, probably allowing
attackers to execute arbitrary code by compiling specially crafted
regular expressions. The bug manifests in a possible buffer overflow
in the polymorphic "opcode" support code, caused by ASCII regular
Problem type : local
Debian-specific: no
CVE ID : CVE-2012-1133 CVE-2012-1134 CVE-2012-1136 CVE-2012-1142
CVE-2012-1144
Mateusz Jurczyk from the Google Security Team discovered several
vulnerabilities in Freetype's parsing of BDF, Type1 and TrueType fonts,
which could result in the execution of arbitrary code if a malformed
font file is processed.
For the stable distribution (squeeze), this problem has been fixed in
Vulnerability : heap overflow
Problem type : local (remote)
Debian-specific: no
CVE Id(s) : CVE-2007-5116
Will Drewry and Tavis Ormandy of the Google Security Team have
discovered a UTF-8 related heap overflow in Perl's regular expression
compiler, probably allowing attackers to execute arbitrary code by
compiling specially crafted regular expressions.
For the stable distribution (etch), this problem has been fixed in
An improper setting of the exception code on page faults may allow
for local privilege escalation on the guest operating system. This
vulnerability does not affect the host system.
VMware would like to thank Tavis Ormandy and Julien Tinnes of the
Google Security Team for reporting this issue to us.
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CVE-2009-2267 to this issue.
The following table lists what action remediates the vulnerability
relation with original site.
Your position is similar to Mozilla's position. And because Mozilla declined
to fix this hole due to "lack of inheritance" between data: URI and the site
with redirector, and Chrome also has no such inheritance, I didn't send my
advisory directly to Google Security Team. And from your declining of this
vulnerability, I see that it's Google's official position about this issue.
I understand your and Mozilla's position, but I don't agree with you. And I
wrote enough (as I was thinking) arguments in my advisory, why it's
dangerous and why it needs to be fixed.
with WebGL when texImage2D uses JSVAL_TO_OBJECT on arbitrary
objects. This can lead to a crash on a maliciously crafted web
page. While there is no evidence that this is directly exploitable,
there is a possibility of remote code execution (CVE-2012-0478).
Mateusz Jurczyk of the Google Security Team discovered an off-by-one
error in the OpenType Sanitizer using the Address Sanitizer tool. This
can lead to an out-of-bounds read and execution of an uninitialized
function pointer during parsing and possible remote code execution
(CVE-2011-3062).
mathTeX, mathtex.zip (2009/07/13)
Credit: vulnerability report received from Chris Evans <cevans [at] google
[dot] com> (mimetex) and Damien Miller <djm [at] google [dot] com>
(mathtex), Google Security Team.
CVE: CVE-2009-1382 (mimetex), CVE-2009-1383 (mathtex)
Timeline:
Affected: 2007.1, 2008.0, 2008.1
_______________________________________________________________________
Problem Description:
Tavis Ormandy of the Google Security Team discovered a heap-based
buffer overflow when compiling certain regular expression patterns.
This could be used by a malicious attacker by sending a specially
crafted regular expression to an application using the PCRE library,
resulting in the possible execution of arbitrary code or a denial of
service (CVE-2008-2371).
All users may mitigate this issue by upgrading to 3.0.3
Community users of 2.5.x and earlier may also mitigate this issue by upgrading 2.5.6.SEC02
Subscription users of 2.5.x and earlier may also mitigate this issue by upgrading 2.5.6.SEC02 or 2.5.7.SR01
Credit:
The issue was discovered by Meder Kydyraliev, Google Security Team
References:
[1] http://www.springsource.com/security/spring-framework