[security bulletin] HPSBGN03526 rev.1 - HPE Helion Eucalyptus, Remote Access Restriction Bypass, Unauthorized Modification
2015-12-21 security-alert hpe com

[security bulletin] HPSBGN03527 rev.1 - HPE Helion Eucalyptus, Remote Access Restriction Bypass
2015-12-21 security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04926482 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c04926482 Version: 1 HPSBGN03527 r

[SECURITY] [DSA 3429-1] foomatic-filters security update
2015-12-21 Salvatore Bonaccorso (carnil debian org)

ESA-2015-177: RSA SecurID(r) Web Agent Authentication Bypass Vulnerability
2015-12-21 Security Alert (Security_Alert emc com)

giflib: heap overflow in giffix (CVE-2015-7555)
2015-12-21 Hans Jerry Illikainen (hji dyntopia com)
About
=====
giflib[1] is a library for working with GIF images. It also provides several command-line utilities.
CVE-2015-7555
=============
A heap overflow may occur in the giffix utility included in giflib-5.1.1 when processing records of the type `IMAGE_DESC_RECORD_TYPE' due to the allocate

Executable installers are vulnerable^WEVIL (case 13): ESET NOD32 antivirus installer allows remote code execution with escalation of privilege
2015-12-21 Stefan Kanthak (stefan kanthak nexgo de)
Hi @ll, the executable installer [°] of ESET's NOD32 antivirus, eset_nod32_antivirus_live_installer_.exe, loads and executes (at least) the rogue/bogus/malicious Cabinet.dll and DbgHelp.dll eventually found in the directory it is started from ['] (the "application directory"). For software downloa

Almost no resp. only some mitigation(s) for "DLL hijacking" via load-time dependencies
2015-12-21 Stefan Kanthak (stefan kanthak nexgo de)
Hi @ll, in <http://seclists.org/fulldisclosure/2015/Nov/101> I showed general mitigations for DLL hijacking via runtime dependencies (<https://msdn.microsoft.com/en-us/library/ms685090.aspx>). DLL hijacking is but also possible via load-time dependencies (<https://msdn.microsoft.com/en-us/library/

KL-001-2015-007 : Seagate GoFlex Satellite Remote Telnet Default Password
2015-12-18 KoreLogic Disclosures (disclosures korelogic com)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 KL-001-2015-007 : Seagate GoFlex Satellite Remote Telnet Default Password Title: Seagate GoFlex Satellite Remote Telnet Default Password Advisory ID: KL-001-2015-007 Publication Date: 2015.12.18 Publication URL: https://www.korelogic.com/Resources/Ad

KL-001-2015-008 : Dell Pre-Boot Authentication Driver Uncontrolled Write to Arbitrary Address
2015-12-18 KoreLogic Disclosures (disclosures korelogic com)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 KL-001-2015-008 : Dell Pre-Boot Authentication Driver Uncontrolled Write to Arbitrary Address Title: Dell Pre-Boot Authentication Driver Uncontrolled Write to Arbitrary Address Advisory ID: KL-001-2015-008 Publication Date: 2015.12.18 Publication URL

[slackware-security] grub (SSA:2015-351-01)
2015-12-18 Slackware Security Team (security slackware com)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [slackware-security] grub (SSA:2015-351-01) New grub packages are available for Slackware 14.1 and -current to fix a security issue. Here are the details from the Slackware 14.1 ChangeLog: +--------------------------+ patches/packages/grub-2.00-i48

[slackware-security] libpng (SSA:2015-351-02)
2015-12-18 Slackware Security Team (security slackware com)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [slackware-security] libpng (SSA:2015-351-02) New libpng packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, and -current to fix a security issue. Here are the details from the Slackware 14.1 ChangeLog: +--------------------------+

Executable uninstallers are vulnerable^WEVIL (case 12): Avira Registry Cleaner allows arbitrary code execution with escalation of privilege
2015-12-18 Stefan Kanthak (stefan kanthak nexgo de)
Hi @ll, avira_registry_cleaner_en.exe, available from <https://www.avira.com/en/download/product/avira-registry-cleaner> to clean up remnants the uninstallers of their snakeoil products fail to remove, is vulnerable: it loads and executes WTSAPI32.dll, UXTheme.dll and RichEd20.dll from its applicat

ESA-2015-148: EMC Isilon OneFS Security Privilege Escalation Vulnerability
2015-12-17 Security Alert (Security_Alert emc com)

[oCERT 2015-011] PyAMF input sanitization errors (XXE)
2015-12-17 Daniele Bianco (danbia ocert org)
#2015-011 PyAMF input sanitization errors (XXE) Description: PyAMF is a Python module that implements the Action Message Format (AMF) protocol, allowing Flash interoperation with various web frameworks. PyAMF suffers from insufficient AMF input payload sanitization which results in the XML parse

CVE-2015-5348 - Apache Camel medium disclosure vulnerability
2015-12-17 Claus Ibsen (claus ibsen gmail com)
Apache Camel's Jetty/Servlet usage is vulnerable to Java object de-serialisation vulnerability If using camel-jetty, or camel-servlet as a consumer in Camel routes, then Camel will automatic de-serialize HTTP requests that uses the content-header: application/x-java-serialized-object. Please study

[SECURITY] [DSA 3337-2] gdk-pixbuf security update
2015-12-17 Salvatore Bonaccorso (carnil debian org)

[slackware-security] mozilla-firefox (SSA:2015-349-03)
2015-12-16 Slackware Security Team (security slackware com)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [slackware-security] mozilla-firefox (SSA:2015-349-03) New mozilla-firefox packages are available for Slackware 14.1 and -current to fix security issues. Here are the details from the Slackware 14.1 ChangeLog: +--------------------------+ patches/p

[security bulletin] HPSBHF03528 rev.1 - HP Network Products running VCX, Remote Unauthorized Modification
2015-12-16 security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04923929 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c04923929 Version: 1 HPSBHF03528 r

Shutdown UX DLL side loading vulnerability
2015-12-16 Securify B.V. (lists securify nl)
------------------------------------------------------------------------
Shutdown UX DLL side loading vulnerability
------------------------------------------------------------------------
Yorick Koster, November 2015
------------------------------------------------------------------------
Abstract

Shockwave Flash Object DLL side loading vulnerability
2015-12-16 Securify B.V. (lists securify nl)
------------------------------------------------------------------------
Shockwave Flash Object DLL side loading vulnerability
------------------------------------------------------------------------
Yorick Koster, August 2015
------------------------------------------------------------------------

[security bulletin] HPSBUX03529 SSRT102967 rev.1 - HP-UX BIND service running named, Remote Denial of Service (DoS)
2015-12-16 security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04923105 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c04923105 Version: 1 HPSBUX03529 S
Hash: SHA1
Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04926463
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c04926463
Version: 1
HPSBGN03526 r