[slackware-security] glibc (SSA:2015-028-01)
2015-01-28 Slackware Security Team (security slackware com)

KL-001-2015-001 : Windows 2003 tcpip.sys Privilege Escalation
2015-01-29 KoreLogic Disclosures (disclosures korelogic com)
KL-001-2015-001 : Microsoft Windows Server 2003 SP2 Arbitrary Write Privilege Escalation Title: Microsoft Windows Server 2003 SP2 Arbitrary Write Privilege Escalation Advisory ID: KL-001-2015-001 Publication Date: 2015.01.28 Publication URL: https://www.korelogic.com/Resources/Advisories/KL-001-201

[CVE-2015-1393] Photo Gallery (Wordpress Plugin) - SQL Injection in Version 1.2.8
2015-01-28 sven bsddaemon org
[CVE-2015-1393] Photo Gallery (Wordpress Plugin) - SQL Injection in Version 1.2.8 Product Information: Software: Photo Gallery (Wordpress Plugin) Tested Version: 1.2.8, released on 15.01.2015 and has over half a million downloads. V

[CVE-2015-1394] Photo Gallery (Wordpress Plugin) - Multiple XSS Vulnerabilities Version 1.2.8
2015-01-28 sven bsddaemon org
[CVE-2015-1394] Photo Gallery (Wordpress Plugin) - Multiple XSS Vulnerabilities Version 1.2.8 Product Information: Software: Photo Gallery (Wordpress Plugin) Tested Version: 1.2.8, released on 15.01.2015 and has over half a million

[AMPLIA-ARA100614] OS X Gatekeeper Bypass Vulnerability
2015-01-28 Amplia Security Advisories (advisories ampliasecurity com)
OS X Gatekeeper Bypass Vulnerability Amplia Security - Amplia Security Research Advisory (AMPLIA-ARA100614) Advisory ID: AMPLIA-ARA100614 Advisory URL: http://www.ampliasecurity.com/advisories/os-x-gatekeeper-bypass-vulnerability.html, http://www.ampliasecurity.com/advisories/AMPLIA-ARA100614.txt D

NEW VMSA-2015-0001 - VMware vCenter Server, ESXi, Workstation, Player, and Fusion updates address resolve security issues
2015-01-27 VMware Security Response Center (security vmware com)

Multiple vulnerabilities in MantisBT
2015-01-28 High-Tech Bridge Security Research (advisory htbridge com)
Advisory ID: HTB23243 Product: MantisBT Vendor: MantisBT Team Vulnerable Version(s): 1.2.17 and probably prior Tested Version: 1.2.17 Advisory Publication: December 3, 2014 [without technical details] Vendor Notification: December 3, 2014 Vendor Patch: January 25, 2015 Public Disclosure: January

Two XSS Vulnerabilities in SupportCenter Plus
2015-01-28 High-Tech Bridge Security Research (advisory htbridge com)
Advisory ID: HTB23247 Product: SupportCenter Plus Vendor: Zoho Corp. Vulnerable Version(s): 7.9 and probably prior Tested Version: 7.9 Advisory Publication: January 7, 2015 [without technical details] Vendor Notification: January 7, 2015 Vendor Patch: January 23, 2015 Public Disclosure: January

[CORE-2015-0003] - FreeBSD Kernel Multiple Vulnerabilities
2015-01-27 CORE Advisories Team (advisories coresecurity com)
Core Security - Corelabs Advisory http://corelabs.coresecurity.com/ FreeBSD Kernel Multiple Vulnerabilities 1. *Advisory Information* Title: FreeBSD Kernel Multiple Vulnerabilities Advisory ID: CORE-2015-0003 Advisory URL: http://www.coresecurity.com/content/freebsd-kernel-multiple-vulnerabilit

FreeBSD Security Advisory FreeBSD-SA-15:03.sctp
2015-01-27 FreeBSD Security Advisories (security-advisories freebsd org)

FreeBSD Security Advisory FreeBSD-SA-15:02.kmem
2015-01-27 FreeBSD Security Advisories (security-advisories freebsd org)

APPLE-SA-2015-01-27-4 OS X 10.10.2 and Security Update 2015-001
2015-01-27 Apple Product Security (product-security-noreply lists apple com)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2015-01-27-4 OS X 10.10.2 and Security Update 2015-001 OS X 10.10.2 and Security Update 2015-001 are now available and address the following: AFP Server Available for: OS X Mavericks v10.9.5 Impact: A remote attacker may be able to determin

APPLE-SA-2015-01-27-3 Safari 8.0.3, Safari 7.1.3, and Safari 6.2.3
2015-01-27 Apple Product Security (product-security-noreply lists apple com)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2015-01-27-3 Safari 8.0.3, Safari 7.1.3, and Safari 6.2.3 Safari 8.0.3, Safari 7.1.3, and Safari 6.2.3 are now available and address the following: WebKit Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.1

APPLE-SA-2015-01-27-2 iOS 8.1.3
2015-01-27 Apple Product Security (product-security-noreply lists apple com)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2015-01-27-2 iOS 8.1.3 iOS 8.1.3 is now available and addresses the following: AppleFileConduit Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A maliciously crafted afc command may allow

APPLE-SA-2015-01-27-1 Apple TV 7.0.3
2015-01-27 Apple Product Security (product-security-noreply lists apple com)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2015-01-27-1 Apple TV 7.0.3 Apple TV 7.0.3 is now available and addresses the following: Apple TV Available for: Apple TV 3rd generation and later Impact: A maliciously crafted afc command may allow access to protected parts of the filesyst

Qualys Security Advisory CVE-2015-0235 - GHOST: glibc gethostbyname buffer overflow
2015-01-27 Qualys Security Advisory (qsa qualys com)
Qualys Security Advisory CVE-2015-0235 GHOST: glibc gethostbyname buffer overflow --[ Contents ]-- 1 - Summary 2 - Analysis 3 - Mitigating factors 4 - Case studies 5 - Exploitation 6 - Acknowledgments --[ 1 - Summary ]--

[SYSS-2014-010] FancyFon FAMOC - SQL Injection
2015-01-27 matthias deeg syss de
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Advisory ID: SYSS-2014-010 Product(s): FAMOC Vendor: FancyFon Affected Version(s): 3.16.5 Tested Version(s): 3.16.5 Vulnerability Type: SQL Injection (CWE-89) Risk Level: High Solution Status: Fixed Vendor Notification: 2014-12-19 Solution Date: 2015

[SYSS-2014-013] FancyFon FAMOC - Use of a One-Way Hash without a Salt
2015-01-27 matthias deeg syss de
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Advisory ID: SYSS-2014-013 Product(s): FAMOC Vendor: FancyFon Affected Version(s): 3.16.5 Tested Version(s): 3.16.5 Vulnerability Type: Use of a One-Way Hash without a Salt (CWE-759) Risk Level: Low Solution Status: Fixed Vendor Notification: 2014-12

[SYSS-2014-011] FancyFon FAMOC - Cross-Site Scripting
2015-01-27 matthias deeg syss de
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Advisory ID: SYSS-2014-011 Product(s): FAMOC Vendor: FancyFon Affected Version(s): 3.16.5 Tested Version(s): 3.16.5 Vulnerability Type: Cross-Site Scripting (CWE-79) Risk Level: Medium Solution Status: Fixed Vendor Notification: 2014-12-19 Solution D

[SYSS-2014-012] FancyFon FAMOC - Session Fixation
2015-01-27 matthias deeg syss de
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Advisory ID: SYSS-2014-012 Product(s): FAMOC Vendor: FancyFon Affected Version(s): 3.16.5 Tested Version(s): 3.16.5 Vulnerability Type: Session Fixation (CWE-384) Risk Level: Low Solution Status: Fixed Vendor Notification: 2014-12-19 Solution Date: 2

CVE-2015-0223: anonymous access to qpidd cannot be prevented
2015-01-26 Gordon Sim (gsim apache org)

[CORE-2015-0002] - Android WiFi-Direct Denial of Service
2015-01-26 CORE Advisories Team (advisories coresecurity com)
Core Security - Corelabs Advisory http://corelabs.coresecurity.com/ Android WiFi-Direct Denial of Service 1. *Advisory Information* Title: Android WiFi-Direct Denial of Service Advisory ID: CORE-2015-0002 Advisory URL: http://www.coresecurity.com/advisories/android-wifi-direct-denial-service Dat

WebKitGTK+ Security Advisory WSA-2015-0001
2015-01-26 Carlos Alberto Lopez Perez (clopez igalia com)

Fwd: REWTERZ-20140103 - ManageEngine ServiceDesk Plus User Privileges Management Vulnerability
2015-01-22 Rewterz - Research Group (advisories rewterz com)
[REWTERZ-20140103] - Rewterz - Security Advisory Title: ManageEngine ServiceDesk Plus User Privileges Management Vulnerability Product: S

REWTERZ-20140102 - ManageEngine ServiceDesk Plus User Enumeration Vulnerability
2015-01-22 Rewterz - Research Group (advisories rewterz com)
[REWTERZ-20140102] - Rewterz - Security Advisory Title: ManageEngine ServiceDesk Plus User Enumeration Vulnerability Product: ServiceDesk
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
[slackware-security] glibc (SSA:2015-028-01)
New glibc packages are available for Slackware 13.0, 13.1, 13.37, 14.0,
and 14.1 to fix a security issue.
Here are the details from the Slackware 14.1 ChangeLog:
+--------------------------+
patches/pack