Security

Debian: 3203-1: tor: Summary

Linux Security - Fri, 2015-03-27 12:22
Categories: Security

Debian: 3202-1: mono: Summary

Linux Security - Fri, 2015-03-27 12:22
Categories: Security

Debian: 3201-1: iceweasel: Summary

Linux Security - Fri, 2015-03-27 12:22
Categories: Security

Debian: 3200-1: drupal7: Summary

Linux Security - Fri, 2015-03-27 12:22
Categories: Security

Debian: 3199-1: xerces-c: Summary

Linux Security - Fri, 2015-03-27 12:22
Categories: Security

Debian: 3198-1: php5: Summary

Linux Security - Fri, 2015-03-27 12:22
Categories: Security

Berta CMS File Upload Bypass

Packet storm - Thu, 2015-03-26 22:17
Berta CMS versions prior to 0.8.10b suffer from an issue where images with a ".php" extension can be uploaded and all that is required is that they pass the PHP getimagesize() function and have suitable dimensions.
Categories: Security

Red Hat Security Advisory 2015-0729-01

Packet storm - Thu, 2015-03-26 22:06
Red Hat Security Advisory 2015-0729-01 - The setroubleshoot packages provide tools to help diagnose SELinux problems. When Access Vector Cache messages are returned, an alert can be generated that provides information about the problem and helps to track its resolution. It was found that setroubleshoot did not sanitize file names supplied in a shell command look-up for RPMs associated with access violation reports. An attacker could use this flaw to escalate their privileges on the system by supplying a specially crafted file to the underlying shell command.
Categories: Security

Red Hat Security Advisory 2015-0726-01

Packet storm - Thu, 2015-03-26 22:06
Red Hat Security Advisory 2015-0726-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. It was found that the Linux kernel's Infiniband subsystem did not properly sanitize input parameters while registering memory regions from user space via the verbs API. A local user with access to a /dev/infiniband/uverbsX device could use this flaw to crash the system or, potentially, escalate their privileges on the system. A use-after-free flaw was found in the way the Linux kernel's SCTP implementation handled authentication key reference counting during INIT collisions. A remote attacker could use this flaw to crash the system or, potentially, escalate their privileges on the system.
Categories: Security

Red Hat Security Advisory 2015-0728-01

Packet storm - Thu, 2015-03-26 22:06
Red Hat Security Advisory 2015-0728-01 - Red Hat Identity Management is a centralized authentication, identity management, and authorization solution for both traditional and cloud-based enterprise environments. It integrates components of the Red Hat Directory Server, MIT Kerberos, Red Hat Certificate System, NTP, and DNS. It provides web browser and command-line interfaces. Its administration tools allow an administrator to quickly install, set up, and administer a group of domain controllers to meet the authentication and identity management requirements of large-scale Linux and UNIX deployments. The ipa component provides centrally managed Identity, Policy, and Audit. The slapi-nis component provides NIS Server and Schema Compatibility plug-ins for Directory Server.
Categories: Security

Red Hat Security Advisory 2015-0727-01

Packet storm - Thu, 2015-03-26 22:06
Red Hat Security Advisory 2015-0727-01 - The kernel-rt packages contain the Linux kernel, the core of any Linux operating system. It was found that the Linux kernel's Infiniband subsystem did not properly sanitize input parameters while registering memory regions from user space via the verbs API. A local user with access to a /dev/infiniband/uverbsX device could use this flaw to crash the system or, potentially, escalate their privileges on the system. A use-after-free flaw was found in the way the Linux kernel's SCTP implementation handled authentication key reference counting during INIT collisions. A remote attacker could use this flaw to crash the system or, potentially, escalate their privileges on the system.
Categories: Security

Samhain File Integrity Checker 3.1.5

Packet storm - Thu, 2015-03-26 19:11
Samhain is a file system integrity checker that can be used as a client/server application for centralized monitoring of networked hosts. Databases and configuration files can be stored on the server. Databases, logs, and config files can be signed for tamper resistance. In addition to forwarding reports to the log server via authenticated TCP/IP connections, several other logging facilities (e-mail, console, and syslog) are available. Tested on Linux, AIX, HP-UX, Unixware, Sun and Solaris.
Categories: Security

WordPress Aspose Cloud eBook Generator File Download

Packet storm - Thu, 2015-03-26 12:22
WordPress Aspose Cloud eBook Generator plugin suffers from an arbitrary file download vulnerability.
Categories: Security

Debian: 3197-1: openssl: Summary

Linux Security - Thu, 2015-03-26 11:38
Categories: Security