[slackware-security] ntp (SSA:2015-188-03)
2015-07-08 Slackware Security Team (security slackware com)

[slackware-security] cups (SSA:2015-188-01)
2015-07-08 Slackware Security Team (security slackware com)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [slackware-security] cups (SSA:2015-188-01) New cups packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, and -current to fix a security issue. Here are the details from the Slackware 14.1 ChangeLog: +--------------------------+ patch

[slackware-security] mozilla-firefox (SSA:2015-188-02)
2015-07-08 Slackware Security Team (security slackware com)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [slackware-security] mozilla-firefox (SSA:2015-188-02) New mozilla-firefox packages are available for Slackware 14.1 and -current to fix security issues. Here are the details from the Slackware 14.1 ChangeLog: +--------------------------+ patches/p

FreeBSD Security Advisory FreeBSD-SA-15:11.bind
2015-07-07 FreeBSD Security Advisories (security-advisories freebsd org)

[security bulletin] HPSBGN03352 rev.2 - HP Asset Manager Using RC4, Remote Disclosure of Information
2015-07-07 security-alert hp com
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04711380 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c04711380 Version: 2 HPSBGN03352 re

[security bulletin] HPSBGN03354 rev.1 - HP Connect-IT Using RC4, Remote Disclosure of Information
2015-07-07 security-alert hp com
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c04716090 Version: 1 HPSBGN03354 rev.1 - HP Connect-IT Using RC4, Remote Disclosure of Information NOTICE: The information in this Security Bulletin should be acted upon as soon as possible. Rele

RE: [security bulletin] HPSBGN03351 rev.1 - HP IceWall SSO Dfw, SSO Certd, MCRP, and Federation Agent running OpenSSL, Remote Disclosure of Information (UNCLASSIFIED)
2015-07-06 Patterson, Derrick A CTR (US) (derrick a patterson ctr mail mil)
Classification: UNCLASSIFIED Caveats: NONE John I hope you all had a great 4th of July weekend. I have configured the IP address on the sensor. The software version is 7.1.3.88. I will send the password once you have verified the version of software is ok. Thanks PS my cert is attached so you

[security bulletin] HPSBGN03361 rev.1 - HP UCMDB, HP UCMDB Configuration Manager, HP UCMDB Browser, and HP Universal Discovery running TLS, Remote Disclosure of Information
2015-07-07 security-alert hp com
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04725761 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c04725761 Version: 1 HPSBGN03361 re

[security bulletin] HPSBMU03234 rev.1 - HP Vertica Analytics Platform running SSLv3, Remote Disclosure of Information
2015-07-07 security-alert hp com
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04543623 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c04543623 Version: 1 HPSBMU03234 re

[SECURITY] [DSA 3303-1] cups-filters security update
2015-07-07 Alessandro Ghedini (ghedo debian org)

[CORE-2015-0012] - AirLive Multiple Products OS Command Injection
2015-07-06 CORE Advisories Team (advisories coresecurity com)
1. Advisory Information Title: AirLive Multiple Products OS Command Injection Advisory ID: CORE-2015-0012 Advisory URL: http://www.coresecurity.com/advisories/airlive-multiple-products-os-command-injection Date published: 2015-07-06 Date of last update: 2015-07-06 Vendors contacted: AirLive Release

phpLiteAdmin v1.1 CSRF & XSS Vulnerabilities
2015-07-05 apparitionsec gmail com
[+] Credits: John Page ( hyp3rlinx ) [+] Domains: hyp3rlinx.altervista.org [+] Source: http://hyp3rlinx.altervista.org/advisories/AS-PHPLITEADMIN0705.txt Vendor: ================================ bitbucket.org/phpliteadmin Product: ================================ phpLiteAdmin v1.1 Adviso

Google Chrome Address Spoofing - Google's Opinion
2015-07-06 David Leo (david leo deusen co uk)
It's public now: https://code.google.com/p/chromium/issues/detail?id=497588 Interesting Points: They did reproduce "I can reproduce this locally" They say it's DoS "seems like any renderer denial-of-service" (The browser does not crash!) They say it's not security issue "remove security flags fr

127 ipTIME router models vulnerable to an unauthenticated RCE by sending a crafted DHCP request
2015-07-06 Pierre Kim (pierre kim sec gmail com)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 ## Advisory Information Title: 127 ipTIME router models vulnerable to an unauthenticated RCE by sending a crafted DHCP request Advisory URL: https://pierrekim.github.io/advisories/2015-iptime-0x02.txt Blog URL: https://pierrekim.github.io/blog/2015-

Ebay Inc Magento Bug Bounty #16 - CSRF Web Vulnerability
2015-07-04 Vulnerability Lab (research vulnerability-lab com)
Document Title: =============== Ebay Inc Magento Bug Bounty #16 - CSRF Web Vulnerability References (Source): ==================== http://www.vulnerability-lab.com/get_content.php?id=1472 Ebay Inc Security ID: EIBBP-31808 Release Date: ============= 2015-07-02 Vulnerability Laboratory ID (VL-

Snorby 2.6.2 - Stored Cross-site Scripting Vulnerability
2015-07-03 Federico Fazzi (federico fazzi gmail com)
-------------------------------------------------------- Snorby 2.6.2 - Stored Cross-site Scripting Vulnerability -------------------------------------------------------- Vendor ------ https://www.snorby.org/ Version ------- 2.6.2 Description ----------- During my research and testing of new

Microsoft Office - OLE Packager allows code execution in all versions, with macros disabled
2015-07-03 Kevin Beaumont (kevin beaumont gmail com)
SCOPE Every version of Microsoft Office on every Windows OS includes a feature called OLE Packager, allowing content to be embedded in documents. This includes executable content (.exe, .js, .vbe etc) - there is no restriction of embeddable content. There is no way to disable or restrict this fun

Google HTTP Live Headers v1.0.6 - Client Side Cross Site Scripting Web Vulnerability
2015-07-04 Vulnerability Lab (research vulnerability-lab com) (1 replies)
Document Title: =============== Google HTTP Live Headers v1.0.6 - Client Side Cross Site Scripting Web Vulnerability References (Source): ==================== http://www.vulnerability-lab.com/get_content.php?id=1541 Release Date: ============= 2015-07-02 Vulnerability Laboratory ID (VL-ID): ==

Re: Google HTTP Live Headers v1.0.6 - Client Side Cross Site Scripting Web Vulnerability
2015-07-06 Reindl Harald (h reindl thelounge net)

WK UDID v1.0.1 iOS - Command Inject Vulnerability
2015-07-04 Vulnerability Lab (research vulnerability-lab com)
Document Title: =============== WK UDID v1.0.1 iOS - Command Inject Vulnerability References (Source): ==================== http://www.vulnerability-lab.com/get_content.php?id=1539 Release Date: ============= 2015-07-01 Vulnerability Laboratory ID (VL-ID): ====================================

Ruxcon 2015 Final Call For Presentations
2015-07-06 cfp ruxcon org au
Ruxcon 2015 Final Call For Presentations Melbourne, Australia, October 24-25 CQ Function Centre http://www.ruxcon.org.au The Ruxcon team is pleased to announce the first round of Call For Presentations for Ruxcon 2015. This year the conference will take place over the weekend of the 24th and 25th

CVE-2015-3442 Authentication Bypass in Xpert.Line Version 3.0
2015-07-03 Alessandro Zala (Alessandro Zala csnc ch)
############################################################# # # COMPASS SECURITY ADVISORY # http://www.csnc.ch/en/downloads/advisories.html # ############################################################# # # Product: Xpert.Line # Vendor: Soreco AG [1] # CVE ID: CVE-2015-3442 # Sub

SQL Injection in easy2map wordpress plugin v1.24
2015-07-02 Larry W. Cashdollar (larry0 me com)
Title: SQL Injection in easy2map wordpress plugin v1.24 Author: Larry W. Cashdollar, @_larry0 Date: 2015-06-08 Download Site: https://wordpress.org/plugins/easy2map Vendor: Steven Ellis Vendor Notified: 2015-06-08, fixed in v1.25 Vendor Contact: https://profiles.wordpress.org/stevenellis/ Advisory:

ipTIME n104r3 vulnerable to CSRF and XSS attacks
2015-07-02 Pierre Kim (pierre kim sec gmail com)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 ## Advisory Information Title: iptime n104r3 vulnerable to CSRF and XSS attacks Advisory URL: https://pierrekim.github.io/advisories/2015-iptime-0x01.txt Blog URL: https://pierrekim.github.io/blog/2015-07-03-iptime-n104r3-vulnerable-to-CSRF-and-XSS

[SECURITY] [DSA 3299-1] stunnel4 security update
2015-07-02 Salvatore Bonaccorso (carnil debian org)

ToorCon 17 Call For Papers!
2015-07-01 h1kari (h1kari toorcon org)
TOORCON 17 CALL FOR PAPERS It's that time of year again! ToorCon 17 is coming so get your code finished and submit a talk this time around. We're letting you decide if you want to be a part of our 50-minute talks on Saturday, 20-minute talks on Sunday, and 75-minute talks for our Deep Knowledge Sem

iTunes 12.2 and QuickTime 7.7.7 for Windows: still outdated and VULNERABLE 3rd party libraries, still UNQUOTED and VULNERABLE pathnames C:\Program Files\...
2015-07-01 Stefan Kanthak (stefan kanthak nexgo de)
Hi @ll, the just released QuickTime 7.7.7 and iTunes 12.2 for Windows still have quite some of the BLOODY beginners errors I already documented in the past. QuickTime 7.7.7, QuickTime.msi unquoted pathname of executables in command line [HKEY_LOCAL_MACHINE\SOFTWARE\Clients\Media\QuickTime\shell
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
[slackware-security] ntp (SSA:2015-188-03)
New ntp packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1,
and -current to fix a security issue.
Here are the details from the Slackware 14.1 ChangeLog:
+--------------------------+
patche