[ALICLOUDSEC-VUL2015-001] Android wpa_supplicant WLAN Direct remote buffer overflow
2015-04-23 海 (donghai_zhu vulnhunt com)

[slackware-security] openssl (SSA:2015-111-09)
2015-04-22 Slackware Security Team (security slackware com)
  -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
  [slackware-security] openssl (SSA:2015-111-09)
  New openssl packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, and -current to fix security issues.
  Here are the details from the Slackware 14.1 ChangeLog:
  +--------------------------+

[slackware-security] bind (SSA:2015-111-01)
2015-04-22 Slackware Security Team (security slackware com)
  -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
  [slackware-security] bind (SSA:2015-111-01)
  New bind packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, and -current to fix security issues.
  Here are the details from the Slackware 14.1 ChangeLog:
  +--------------------------+
  patch

[slackware-security] httpd (SSA:2015-111-03)
2015-04-22 Slackware Security Team (security slackware com)
  -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
  [slackware-security] httpd (SSA:2015-111-03)
  New httpd packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, and -current to fix security issues.
  Here are the details from the Slackware 14.1 ChangeLog:
  +--------------------------+
  pat

[slackware-security] ntp (SSA:2015-111-08)
2015-04-22 Slackware Security Team (security slackware com)
  -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
  [slackware-security] ntp (SSA:2015-111-08)
  New ntp packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, and -current to fix security issues.
  Here are the details from the Slackware 14.1 ChangeLog:
  +--------------------------+
  patches

[slackware-security] seamonkey (SSA:2015-111-14)
2015-04-22 Slackware Security Team (security slackware com)
  -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
  [slackware-security] seamonkey (SSA:2015-111-14)
  New seamonkey packages are available for Slackware 14.0, 14.1, and -current to fix security issues.
  Here are the details from the Slackware 14.1 ChangeLog:
  +--------------------------+
  patches/packag

[slackware-security] ppp (SSA:2015-111-11)
2015-04-22 Slackware Security Team (security slackware com)
  -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
  [slackware-security] ppp (SSA:2015-111-11)
  New ppp packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, and -current to fix security issues.
  Here are the details from the Slackware 14.1 ChangeLog:
  +--------------------------+
  patches

[slackware-security] php (SSA:2015-111-10)
2015-04-22 Slackware Security Team (security slackware com)
  -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
  [slackware-security] php (SSA:2015-111-10)
  New php packages are available for Slackware 14.0, 14.1, and -current to fix security issues.
  Here are the details from the Slackware 14.1 ChangeLog:
  +--------------------------+
  patches/packages/php-5.4.4

[slackware-security] mutt (SSA:2015-111-07)
2015-04-22 Slackware Security Team (security slackware com)
  -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
  [slackware-security] mutt (SSA:2015-111-07)
  New mutt packages are available for Slackware 13.37, 14.0, 14.1, and -current to fix a security issue.
  Here are the details from the Slackware 14.1 ChangeLog:
  +--------------------------+
  patches/packages

[slackware-security] gnupg (SSA:2015-111-02)
2015-04-22 Slackware Security Team (security slackware com)
  -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
  [slackware-security] gnupg (SSA:2015-111-02)
  New gnupg packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, and -current to fix security issues.
  Here are the details from the Slackware 14.1 ChangeLog:
  +--------------------------+
  pat

[slackware-security] proftpd (SSA:2015-111-12)
2015-04-22 Slackware Security Team (security slackware com)
  -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
  [slackware-security] proftpd (SSA:2015-111-12)
  New proftpd packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, and -current to fix a security issue.
  Here are the details from the Slackware 14.1 ChangeLog:
  +--------------------------

[slackware-security] libssh (SSA:2015-111-04)
2015-04-22 Slackware Security Team (security slackware com)
  -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
  [slackware-security] libssh (SSA:2015-111-04)
  New libssh packages are available for Slackware 14.0, 14.1, and -current to fix security issues.
  Here are the details from the Slackware 14.1 ChangeLog:
  +--------------------------+
  patches/packages/lib

[slackware-security] qt (SSA:2015-111-13)
2015-04-22 Slackware Security Team (security slackware com)
  -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
  [slackware-security] qt (SSA:2015-111-13)
  New qt packages are available for Slackware 14.1, and -current to fix security issues.
  Here are the details from the Slackware 14.1 ChangeLog:
  +--------------------------+
  patches/packages/qt-4.8.6-i486-1_s

[slackware-security] mozilla-thunderbird (SSA:2015-111-06)
2015-04-22 Slackware Security Team (security slackware com)
  -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
  [slackware-security] mozilla-thunderbird (SSA:2015-111-06)
  New mozilla-thunderbird packages are available for Slackware 14.1 and -current to fix security issues.
  Here are the details from the Slackware 14.1 ChangeLog:
  +--------------------------+
  p

[slackware-security] mozilla-firefox (SSA:2015-111-05)
2015-04-22 Slackware Security Team (security slackware com)
  -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
  [slackware-security] mozilla-firefox (SSA:2015-111-05)
  New mozilla-firefox packages are available for Slackware 14.1 and -current to fix security issues.
  Here are the details from the Slackware 14.1 ChangeLog:
  +--------------------------+
  patches/p

[security bulletin] HPSBGN03308 rev.1 - HP TippingPoint Security Management System (SMS) and TippingPoint Virtual Security Management System (vSMS), Remote Code Execution
2015-04-22 security-alert hp com
  -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
  Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04626974
  SUPPORT COMMUNICATION - SECURITY BULLETIN
  Document ID: c04626974
  Version: 1
  HPSBGN03308 re

Multiple Cross-Site Scripting (XSS) in FreePBX
2015-04-22 High-Tech Bridge Security Research (advisory htbridge ch)
  Advisory ID: HTB23253
  Product: FreePBX
  Vendor: Sangoma Technologies
  Vulnerable Version(s): 12.0.43 and probably prior
  Tested Version: 12.0.43
  Advisory Publication: March 18, 2015 [without technical details]
  Vendor Notification: March 18, 2015
  Vendor Patch: March 27, 2015
  Public Disclosure: April

Netgear WNR2000v4 Multiple Vulnerabilities
2015-04-22 endeavor (endeavor rainbowsandpwnies com)
  I'm releasing a few vulnerabilities for the WNR2000v4 Netgear router. Netgear is currently working these issues.
  Quick Fix
  ---------
  If you own a WNR2000v4, set a strong password and set security questions to gibberish.
  Timeline
  --------
  FEB2015 - "MW" Volunteers to be victim to router pwning

iPassword Manager v2.6 iOS - Persistent Vulnerabilities
2015-04-22 Vulnerability Lab (research vulnerability-lab com)
  Document Title: iPassword Manager v2.6 iOS - Persistent Vulnerabilities
  References (Source): http://www.vulnerability-lab.com/get_content.php?id=1453
  Release Date: 2015-04-21
  Vulnerability Laboratory ID (VL-ID):

Apple iOS 8.0 - 8.0.2 - Controls Re Auth Bypass Vulnerability
2015-04-22 Vulnerability Lab (research vulnerability-lab com)
  Document Title: Apple iOS 8.0 - 8.0.2 - Controls Re Auth Bypass Vulnerability
  References (Source): http://www.vulnerability-lab.com/get_content.php?id=1322
  Video: http://www.vulnerability-lab.com/get_content.php?id=1334
  Release Date: 2015-03-02

Reflected XSS Vulnerability In Manage Engine Event Log Analyzer
2015-04-21 kkulkarni controlcase com
  Reflected XSS Vulnerability In Manage Engine Event Log Analyzer
  .. contents:: Table Of Content
  Overview
  ========
  * Title : Reflected XSS

Reflected XSS Vulnerability In Manage Engine Firewall Analyzer
2015-04-21 kkulkarni controlcase com
  Reflected XSS Vulnerability In Manage Engine Firewall Analyzer
  .. contents:: Table Of Content
  Overview
  ========
  * Title : Reflected XSS V

Stored Cross Site Scripting Vulnerability in Add Link to Facebook WordPress Plugin
2015-04-21 kumarrohit2255 gmail com
  Title: Stored XSS Vulnerability in Add Link to Facebook Wordpress Plugin
  Author: Rohit Kumar
  Plugin Homepage: http://wordpress.org/extend/plugins/add-link-to-facebook/
  Severity: Medium
  Version Affected: Version 1.215 and mostly prior to it.
  Version Tested: Version 1.215
  Version Patched : 1.215

[SECURITY] [DSA 3231-1] subversion security update
2015-04-21 Salvatore Bonaccorso (carnil debian org)

AMD Bulldozer Linux ASLR weakness: Reducing entropy by 87.5%
2015-04-21 Hector Marco-Gisbert (hecmargi upv es)
  A security issue in Linux ASLR implementation which affects some AMD processors has been found. The issue affects all Linux processes even if they are not using shared libraries (statically compiled). The problem appears because some mmapped objects (VDSO, libraries, etc.) are poorly randomized

Linux ASLR mmap weakness: Reducing entropy by half
2015-04-21 Hector Marco-Gisbert (hecmargi upv es)
  A bug in Linux ASLR implementation has been found. The issue is that the mmap base address for processes is not properly randomized on some architectures due to an improper bit-mask manipulation. Affected systems have reduced the mmap area entropy of the processes by half. The number of possible

[security bulletin] HPSBGN03305 rev.1 - HP Business Service Management (BSM) products running SSLv3, Remote Disclosure of Information
2015-04-21 security-alert hp com
  -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
  Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04626982
  SUPPORT COMMUNICATION - SECURITY BULLETIN
  Document ID: c04626982
  Version: 1
  HPSBGN03305 re

GoAutoDial 3.3 multiple vulnerabilities
2015-04-21 root localhost com
  Affected software: GoAutoDial
  Affected version: 3.3-1406088000 (GoAdmin) and previous releases of GoAutodial 3.3
  Associated CVEs: CVE-2015-2842, CVE-2015-2843, CVE-2015-2844, CVE-2015-2845
  Vendor advisory: http://goautodial.org/news/21
  Abstract: Multiple vulnerabilities exist in the GoAutodial 3.3 o

Google Analytics by Yoast stored XSS #2
2015-04-21 Jouko Pynnonen (jouko iki fi)
  OVERVIEW
  ==========
  Google Analytics by Yoast is one of the most popular WordPress plug-ins with over 7 million downloads and "1+ million" active installs. Last month Yoast patched a stored XSS we reported in the plug-in. Shortly after this we identified another bug of a similar severity. The secon
Advisory URL: http://security.alibaba.com/blog/blog.htm?spm=0.0.0.0.p1ECc3&id=19
Date published: 2015-04-23
Date of last update: 2015-04-23
2. Vulnerability Information
Class: heap overflow
Impact: memory information leak and remote code execution
Remote Exploitable: Yes
Loc