APPLE-SA-2013-06-18-1 Java for OS X 2013-004 and Mac OS X v10.6 Update 16
2013-06-18 Apple Product Security (product-security-noreply lists apple com)
APPLE-SA-2013-06-18-1 Java for OS X 2013-004 and Mac OS X v10.6 Update 16
Java for OS X 2013-004 and Mac OS X v10.6 Update 16 is now available and addresses the following:
Java
Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion v10.7

Re: Apple and Wifi Hotspot Credentials Management Vulnerability
2013-06-17 Jeffrey Walton (noloader gmail com)
On Mon, Jun 17, 2013 at 3:35 PM, Jeffrey Walton <noloader (at) gmail (dot) com> wrote:
> > ...
> It appears Apple Wifi hotspot passwords are generated using a wordlist
> consisting of 1842 words. The authors built a customer cracker to aide
> in recovery of the Wifi hotspot passwords.
My bad. The application e

Apple and Wifi Hotspot Credentials Management Vulnerability
2013-06-17 Jeffrey Walton (noloader gmail com)
This vulnerability was published to the OWASP Mobile Security list as a research paper by Andreas Kurtz, Daniel Metz and Felix Freiling.
See "Cracking iOS personal hotspots using a Scrabble crossword game word list," http://lists.owasp.org/pipermail/owasp-mobile-security-project/2013-June/000640.htm

[SECURITY] [DSA 2710-1] xml-security-c security update
2013-06-18 Salvatore Bonaccorso (carnil debian org)

FreeBSD Security Advisory FreeBSD-SA-13:06.mmap
2013-06-18 FreeBSD Security Advisories (security-advisories freebsd org)

Re: CVE-2013-2156: Apache Santuario C++ heap overflow vulnerability
2013-06-18 Cantor, Scott (cantor 2 osu edu)
CVE-2013-2156: Apache Santuario XML Security for C++ contains heap overflow while processing InclusiveNamespace PrefixList
Severity: Critical
Vendor: The Apache Software Foundation
Versions Affected: Apache Santuario XML Security for C++ library ve

CVE-2013-2154: Apache Santuario C++ stack overflow vulnerability
2013-06-18 Cantor, Scott (cantor 2 osu edu)
CVE-2013-2154: Apache Santuario XML Security for C++ contains a stack overflow during XPointer evaluation
Severity: Critical
Vendor: The Apache Software Foundation
Versions Affected: Apache Santuario XML Security for C++ library versions prior to V

CVE-2013-2155: Apache Santuario C++ denial of service vulnerability
2013-06-18 Cantor, Scott (cantor 2 osu edu)
CVE-2013-2155: Apache Santuario XML Security for C++ contains denial of service and hash length bypass issues while processing HMAC signatures
Severity: Critical
Vendor: The Apache Software Foundation
Versions Affected: Apache Santuario XML Securit

CVE-2013-2153: Apache Santuario C++ signature bypass vulnerability
2013-06-18 Cantor, Scott (cantor 2 osu edu)
CVE-2013-2153: Apache Santuario XML Security for C++ contains an XML Signature Bypass issue
Severity: Critical
Vendor: The Apache Software Foundation
Versions Affected: Apache Santuario XML Security for C++ library versions prior to V1.7.1
Description: The implementation of XML digital signature

[security bulletin] HPSBHF02885 rev.2 - HP Integrated Lights-Out iLO3 and iLO4 using Single-Sign-On (SSO), Remote Unauthorized Access
2013-06-17 security-alert hp com
Document ID: c03787836
Version: 2
HPSBHF02885 rev.2 - HP Integrated Lights-Out iLO3 and iLO4 using Single-Sign-On (SSO), Remote Unauthorized Access
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
Release D

Re: WordPress 3.5.1, Denial of Service
2013-06-13 Henri Salo (henri nerv fi)
On Fri, Jun 07, 2013 at 06:29:48PM +0200, Krzysztof Katowicz-Kowalewski wrote:
> Version 3.5.1 (latest) of popular blogging engine WordPress suffers from remote denial of service vulnerability. The bug exists in encryption module (class-phpass.php). The exploitation of this vulnerability is possible

LSE Leading Security Experts GmbH - LSE-2013-06-13 - Avira AntiVir Engine
2013-06-13 LSE Leading Security Experts GmbH (Security Advisories) (advisories lsexperts de)
=== LSE Leading Security Experts GmbH - Security Advisory 2013-06-13 ===
Avira AntiVir Engine -- Denial of Service / Filtering Evasion
-------------------------------------------------------------
Affected Versions
=================
Avira AntiVir E

Slideware of recent presentations about IPv6 security
2013-06-12 Fernando Gont (fgont si6networks com)
Folks, FYI, the slideware of two recent presentations is available online:
* "Security Assessment of IPv6 Networks and Firewalls", presented at the German IPv6 Kongress (http://www.ipv6-kongress.de/) in Frankfurt/Main, June 6-7, 2013. Slideware avail

SQL Injection in Dolphin
2013-06-12 advisory htbridge com
Advisory ID: HTB23157
Product: Dolphin
Vendor: BoonEx
Vulnerable Version(s): 7.1.2 and probably prior
Tested Version: 7.1.2
Vendor Notification: May 22, 2013
Vendor Patch: May 29, 2013
Public Disclosure: June 12, 2013
Vulnerability Type: SQL Injection [CWE-89]
CVE Reference: CVE-2013-3638
Risk Le

Re: WordPress 3.5.1, Denial of Service
2013-06-11 Solar Designer (solar openwall com)
Hi guys, I'll over-quote a little, then comment below:
On Tue, Jun 11, 2013 at 08:55:21PM +0200, Peter Bex wrote:
> On Fri, Jun 07, 2013 at 06:29:48PM +0200, Krzysztof Katowicz-Kowalewski wrote:
> > Version 3.5.1 (latest) of popular blogging engine WordPress suffers from remote denial of service v

CORE-2013-0430 - Buffer overflow in Ubiquiti airCam RTSP service
2013-06-11 CORE Security Technologies Advisories (advisories coresecurity com)
Core Security - Corelabs Advisory
http://corelabs.coresecurity.com
Buffer overflow in Ubiquiti airCam RTSP service
1. *Advisory Information*
Title: Buffer overflow in Ubiquiti airCam RTSP service
Advisory ID: CORE-2013-0430
Advisory URL: http://www.coresecurity.com/advisories/buffer-overflow-ubi

[security bulletin] HPSBMU02884 rev.1 - HP Service Manager and HP ServiceCenter, Cross Site Scripting (XSS) and Disclosure of Information
2013-06-11 security-alert hp com
Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03784101
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c03784101
Version: 1
HPSBMU02884 re

Re: WordPress 3.5.1, Denial of Service
2013-06-11 Peter Bex (Peter Bex xs4all nl)
On Fri, Jun 07, 2013 at 06:29:48PM +0200, Krzysztof Katowicz-Kowalewski wrote:
> Version 3.5.1 (latest) of popular blogging engine WordPress suffers from remote denial of service vulnerability. The bug exists in encryption module (class-phpass.php). The exploitation of this vulnerability is possible

[security bulletin] HPSBHF02885 rev.1 - HP Integrated Lights-Out iLO3 and iLO4 using Single-Sign-On (SSO), Remote Unauthorized Access
2013-06-11 security-alert hp com
Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03787836
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c03787836
Version: 1
HPSBHF02885 re

CFP: IEEE SafeConfig: 6th Symposium on Security Analytics and Automation
2013-06-11 James Joshi (jjoshi pitt edu)
CALL FOR PAPERS
IEEE SafeConfig 2013
--------------------
6th Symposium on Security Analytics and Automation (www.safeconfig.org)
(collocated with IEEE Conference on Communications and Network Security)
Washington, D.C., USA
October 14, 2013
Sponsors: IEEE (COMSOC).
Important Dates
Abstract R

[slackware-security] php (SSA:2013-161-01)
2013-06-11 Slackware Security Team (security slackware com)
[slackware-security] php (SSA:2013-161-01)
New php packages are available for Slackware 12.1, 12.2, 13.0, 13.1, 13.37, 14.0, and -current to fix a security issue.
Here are the details from the Slackware 14.0 ChangeLog:
+--------------------------+

[SECURITY] [DSA 2706-1] chromium-browser security update
2013-06-10 Giuseppe Iuculano (iuculano debian org)

[SECURITY] [DSA 2703-1] subversion security update
2013-06-09 Salvatore Bonaccorso (carnil debian org)
Debian Security Advisory DSA-2698-1 security (at) debian (dot) org
http://www.debian.org/security/ Michael Gilbert
June 18, 2013