Security

Ubuntu: 2343-1: NSS vulnerability

Linux Security - Wed, 2014-09-17 21:08
Categories: Security

Debian: 3021-1: file: Summary

Linux Security - Wed, 2014-09-17 21:08
Categories: Security

Ubuntu: 2342-1: QEMU vulnerabilities

Linux Security - Wed, 2014-09-17 21:08
Categories: Security

Ubuntu: 2341-1: CUPS vulnerabilities

Linux Security - Wed, 2014-09-17 21:08
Categories: Security

Livefyre LiveComments 3.0 Cross Site Scripting

Packet storm - Wed, 2014-09-17 18:19
Livefyre LiveComments version 3.0 suffers from a persistent cross site scripting vulnerability.
Categories: Security

WordPress WP-Ban 1.62 Bypass

Packet storm - Wed, 2014-09-17 18:18
WordPress WP-Ban plugin version 1.62 suffers from a bypass vulnerability when a properly minted X-Forwarded-For header is used.
Categories: Security

WordPress Login Widget With Shortcode 3.1.1 CSRF / XSS

Packet storm - Wed, 2014-09-17 18:16
WordPress Login Widget With Shortcode plugin version 3.1.1 suffers from cross site request forgery and cross site scripting vulnerabilities.
Categories: Security

OsClass 3.4.1 Cross Site Scripting

Packet storm - Wed, 2014-09-17 18:01
OsClass version 3.4.1 suffers from multiple cross site scripting vulnerabilities.
Categories: Security

OsClass 3.4.1 Local File Inclusion

Packet storm - Wed, 2014-09-17 18:00
OsClass version 3.4.1 suffers from a local file inclusion vulnerability.
Categories: Security

FreeBSD Security Advisory - TCP Denial Of Service

Packet storm - Wed, 2014-09-17 17:58
FreeBSD Security Advisory - The Transmission Control Protocol (TCP) of the TCP/IP protocol suite provides a connection-oriented, reliable, sequence-preserving data stream service. New TCP connections are initiated using special SYN flag in a datagram. Sequencing of data is controlled by 32-bit sequence numbers, that start with a random value and are increased using modulo 2**32 arithmetic. TCP endpoints maintain a window of expected, and thus allowed, sequence numbers for a connection. When a segment with the SYN flag for an already existing connection arrives, the TCP stack tears down the connection, bypassing a check that the sequence number in the segment is in the expected window. An attacker who has the ability to spoof IP traffic can tear down a TCP connection by sending only 2 packets, if they know both TCP port numbers. In case one of the two port numbers is unknown, a successful attack requires less than 2**17 packets spoofed, which can be generated within less than a second on a decent connection to the Internet.
Categories: Security

Ubuntu Security Notice USN-2319-3

Packet storm - Wed, 2014-09-17 17:57
Ubuntu Security Notice 2319-3 - USN-2319-1 fixed vulnerabilities in OpenJDK 7. This update provides stability fixes for the arm64 and ppc64el architectures. Several vulnerabilities were discovered in the OpenJDK JRE related to information disclosure, data integrity and availability. An attacker could exploit these to cause a denial of service or expose sensitive data over the network. Various other issues were also addressed.
Categories: Security

Ubuntu Security Notice USN-2349-1

Packet storm - Wed, 2014-09-17 17:57
Ubuntu Security Notice 2349-1 - It was discovered that Libav incorrectly handled certain malformed media files. If a user were tricked into opening a crafted media file, an attacker could cause a denial of service via application crash, or possibly execute arbitrary code with the privileges of the user invoking the program.
Categories: Security

Red Hat Security Advisory 2014-1255-01

Packet storm - Wed, 2014-09-17 17:56
Red Hat Security Advisory 2014-1255-01 - Kerberos is an authentication system which allows clients and services to authenticate to each other with the help of a trusted third party, a Kerberos Key Distribution Center. A buffer overflow was found in the KADM5 administration server when it was used with an LDAP back end for the KDC database. A remote, authenticated attacker could potentially use this flaw to execute arbitrary code on the system running kadmind. All krb5 users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. After installing the updated packages, the krb5kdc and kadmind daemons will be restarted automatically.
Categories: Security

Debian Security Advisory 3026-1

Packet storm - Wed, 2014-09-17 17:56
Debian Linux Security Advisory 3026-1 - Alban Crequy and Simon McVittie discovered several vulnerabilities in the D-Bus message daemon.
Categories: Security

Debian Security Advisory 3025-1

Packet storm - Wed, 2014-09-17 17:56
Debian Linux Security Advisory 3025-1 - It was discovered that APT, the high level package manager, does not properly invalidate unauthenticated data (CVE-2014-0488), performs incorrect verification of 304 replies (CVE-2014-0487), does not perform the checksum check when the Acquire::GzipIndexes option is used (CVE-2014-0489) and does not properly perform validation for binary packages downloaded by the apt-get download command (CVE-2014-0490).
Categories: Security

MIUI Torch Enable

Packet storm - Wed, 2014-09-17 11:44
MIUI versions 4.1.17 and 5.30 have a flaw where NFC can be used to enable the torch.
Categories: Security

Android Bluetooth Enable

Packet storm - Wed, 2014-09-17 11:32
A logic flaw in some versions of Android can allow for Bluetooth to be automatically enabled via NFC.
Categories: Security