Security

Apple Security Advisory 2014-10-16-3

Packet Storm - Fri, 2014-10-17 17:07
Apple Security Advisory 2014-10-16-3 - OS X Server 4.0 is now available and addresses vulnerabilities in BIND, Wiki server, Xcode server, PostgreSQL, and various other software.
Categories: Security

Apple Security Advisory 2014-10-16-2

Packet Storm - Fri, 2014-10-17 17:05
Apple Security Advisory 2014-10-16-2 - Security Update 2014-005 is now available and addresses the OS X Mountain Lion 10.8.5 and OS X Mavericks 10.9.5 SSL 3.0 Poodle bug. There are known attacks on the confidentiality of SSL 3.0 when a cipher suite uses a block cipher in CBC mode. An attacker could force the use of SSL 3.0, even when the server would support a better TLS version, by blocking TLS 1.0 and higher connection attempts. This issue was addressed by disabling CBC cipher suites when TLS connection attempts fail.
Categories: Security

Apple Security Advisory 2014-10-16-1

Packet Storm - Fri, 2014-10-17 17:02
Apple Security Advisory 2014-10-16-1 - OS X Yosemite v10.10 is now available and addresses 802.1X, AFP file server, Apache, App Sandbox, and various other vulnerabilities.
Categories: Security

Debian Security Advisory 3053-1

Packet Storm - Fri, 2014-10-17 16:50
Debian Linux Security Advisory 3053-1 - Several vulnerabilities have been found in OpenSSL, the Secure Sockets Layer library and toolkit.
Categories: Security

Ubuntu Security Notice USN-2386-1

Packet Storm - Fri, 2014-10-17 16:50
Ubuntu Security Notice 2386-1 - A vulnerability was discovered in the OpenJDK JRE related to information disclosure and data integrity. An attacker could exploit this to expose sensitive data over the network. Several vulnerabilities were discovered in the OpenJDK JRE related to data integrity. Several vulnerabilities were discovered in the OpenJDK JRE related to information disclosure. An attacker could exploit these to expose sensitive data over the network. (CVE-2014-6531) Various other issues were also addressed.
Categories: Security

Drupal Core 7.32 SQL Injection

Packet Storm - Fri, 2014-10-17 11:22
Drupal Core versions 7.32 and below remote SQL injection exploit. Written in Python.
Categories: Security

Drupal Core 7.32 SQL Injection

Packet Storm - Fri, 2014-10-17 11:22
Drupal Core versions 7.32 and below remote SQL injection exploit. Written in PHP.
Categories: Security

Red Hat Security Advisory 2014-1658-01

Packet Storm - Fri, 2014-10-17 02:04
Red Hat Security Advisory 2014-1658-01 - Oracle Java SE version 6 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. This update fixes several vulnerabilities in the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. Further information about these flaws can be found on the Oracle Java SE Critical Patch Update Advisory page, listed in the References section.
Categories: Security

Red Hat Security Advisory 2014-1657-01

Packet Storm - Fri, 2014-10-17 02:03
Red Hat Security Advisory 2014-1657-01 - Oracle Java SE version 7 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. This update fixes several vulnerabilities in the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. Further information about these flaws can be found on the Oracle Java SE Critical Patch Update Advisory page, listed in the References section.
Categories: Security

Red Hat Security Advisory 2014-1654-01

Packet Storm - Fri, 2014-10-17 02:03
Red Hat Security Advisory 2014-1654-01 - The rsyslog7 packages provide an enhanced, multi-threaded syslog daemon that supports writing to relational databases, syslog/TCP, RFC 3195, permitted sender lists, filtering on any message part, and fine grained output format control. A flaw was found in the way rsyslog handled invalid log message priority values. In certain configurations, a local attacker, or a remote attacker able to connect to the rsyslog port, could use this flaw to crash the rsyslog daemon or, potentially, execute arbitrary code as the user running the rsyslog daemon.
Categories: Security

Red Hat Security Advisory 2014-1655-01

Packet Storm - Fri, 2014-10-17 02:03
Red Hat Security Advisory 2014-1655-01 - The libxml2 library is a development toolbox providing the implementation of various XML standards. A denial of service flaw was found in libxml2, a library providing support to read, modify and write XML and HTML files. A remote attacker could provide a specially crafted XML file that, when processed by an application using libxml2, would lead to excessive CPU consumption based on excessive entity substitutions, even if entity substitution was disabled, which is the parser default behavior. All libxml2 users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. The desktop must be restarted for this update to take effect.
Categories: Security

Ubuntu Security Notice USN-2385-1

Packet Storm - Fri, 2014-10-17 02:03
Ubuntu Security Notice 2385-1 - It was discovered that OpenSSL incorrectly handled memory when parsing DTLS SRTP extension data. A remote attacker could possibly use this issue to cause OpenSSL to consume resources, resulting in a denial of service. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. It was discovered that OpenSSL incorrectly handled memory when verifying the integrity of a session ticket. A remote attacker could possibly use this issue to cause OpenSSL to consume resources, resulting in a denial of service. Various other issues were also addressed.
Categories: Security

Red Hat Security Advisory 2014-1653-01

Packet Storm - Fri, 2014-10-17 02:03
Red Hat Security Advisory 2014-1653-01 - OpenSSL is a toolkit that implements the Secure Sockets Layer, Transport Layer Security, and Datagram Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. This update adds support for the TLS Fallback Signaling Cipher Suite Value, which can be used to prevent protocol downgrade attacks against applications which re-connect using a lower SSL/TLS protocol version when the initial connection indicating the highest supported protocol version fails.
Categories: Security

Red Hat Security Advisory 2014-1652-01

Packet Storm - Fri, 2014-10-17 02:03
Red Hat Security Advisory 2014-1652-01 - OpenSSL is a toolkit that implements the Secure Sockets Layer, Transport Layer Security, and Datagram Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. This update adds support for the TLS Fallback Signaling Cipher Suite Value, which can be used to prevent protocol downgrade attacks against applications which re-connect using a lower SSL/TLS protocol version when the initial connection indicating the highest supported protocol version fails.
Categories: Security

Debian Security Advisory 3052-1

Packet Storm - Fri, 2014-10-17 02:03
Debian Linux Security Advisory 3052-1 - Jouni Malinen discovered an input sanitization issue in the wpa_cli and hostapd_cli tools included in the wpa package. A remote wifi system within range could provide a crafted string triggering arbitrary code execution running with privileges of the affected wpa_cli or hostapd_cli process.
Categories: Security

Slackware Security Advisory - openssl Updates

Packet Storm - Fri, 2014-10-17 02:03
Slackware Security Advisory - New openssl packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, and -current to fix security issues.
Categories: Security

Debian Security Advisory 3051-1

Packet Storm - Fri, 2014-10-17 02:02
Debian Linux Security Advisory 3051-1 - Stefan Horst discovered a vulnerability in the Drupal database abstraction API, which may result in SQL injection.
Categories: Security

SAP Netweaver Enqueue Server Trace Pattern Denial Of Service

Packet Storm - Thu, 2014-10-16 22:32
Core Security Technologies Advisory - A vulnerability has been found in SAP Netweaver that could allow an unauthenticated, remote attacker to create denial of service conditions. The vulnerability is triggered by sending a specially crafted SAP Enqueue Server packet to remote TCP port 32NN (NN being the SAP system number) of a host running the "Standalone Enqueue Server" service, part of SAP Netweaver Application Server ABAP/Java. The "Standalone Enqueue Server" is a critical component of a SAP Netweaver installation in terms of availability, rendering the whole SAP system unresponsive.
Categories: Security

OpenX 2.8.10 Open Redirect

Packet Storm - Thu, 2014-10-16 22:22
OpenX version 2.8.10 suffers from multiple open redirection vulnerabilities.
Categories: Security

HP Security Bulletin HPSBMU03126

Packet Storm - Thu, 2014-10-16 21:33
HP Security Bulletin HPSBMU03126 - Potential security vulnerabilities have been identified with HP Operations Manager (formerly OpenView Communications Broker). The vulnerabilities could be exploited resulting in remote cross-site scripting (XSS). Revision 1 of this advisory.
Categories: Security