Security

Ubuntu Security Notice USN-3386-1

Packet storm - Thu, 2017-08-10 14:21
Ubuntu Security Notice 3386-1 - Andrey Konovalov discovered a race condition in the UDP Fragmentation Offload code in the Linux kernel. A local attacker could use this to cause a denial of service or execute arbitrary code. Andrey Konovalov discovered a race condition in AF_PACKET socket option handling code in the Linux kernel. A local unprivileged attacker could use this to cause a denial of service or possibly execute arbitrary code. Various other issues were also addressed.
Categories: Security

Ubuntu Security Notice USN-3385-2

Packet storm - Thu, 2017-08-10 14:20
Ubuntu Security Notice 3385-2 - USN-3385-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 LTS. Andrey Konovalov discovered a race condition in the UDP Fragmentation Offload code in the Linux kernel. A local attacker could use this to cause a denial of service or execute arbitrary code. Various other issues were also addressed.
Categories: Security

Ubuntu Security Notice USN-3385-1

Packet storm - Thu, 2017-08-10 14:19
Ubuntu Security Notice 3385-1 - Andrey Konovalov discovered a race condition in the UDP Fragmentation Offload code in the Linux kernel. A local attacker could use this to cause a denial of service or execute arbitrary code. Andrey Konovalov discovered a race condition in AF_PACKET socket option handling code in the Linux kernel. A local unprivileged attacker could use this to cause a denial of service or possibly execute arbitrary code. Various other issues were also addressed.
Categories: Security

Ubuntu Security Notice USN-3384-2

Packet storm - Thu, 2017-08-10 14:18
Ubuntu Security Notice 3384-2 - USN-3384-1 fixed vulnerabilities in the Linux kernel for Ubuntu 17.04. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 17.04 for Ubuntu 16.04 LTS. Andrey Konovalov discovered a race condition in the UDP Fragmentation Offload code in the Linux kernel. A local attacker could use this to cause a denial of service or execute arbitrary code. Various other issues were also addressed.
Categories: Security

Ubuntu Security Notice USN-3384-1

Packet storm - Thu, 2017-08-10 14:17
Ubuntu Security Notice 3384-1 - Andrey Konovalov discovered a race condition in the UDP Fragmentation Offload code in the Linux kernel. A local attacker could use this to cause a denial of service or execute arbitrary code. Andrey Konovalov discovered a race condition in AF_PACKET socket option handling code in the Linux kernel. A local unprivileged attacker could use this to cause a denial of service or possibly execute arbitrary code. Various other issues were also addressed.
Categories: Security

Red Hat Security Advisory 2017-2456-01

Packet storm - Thu, 2017-08-10 14:16
Red Hat Security Advisory 2017-2456-01 - Mozilla Firefox is an open source web browser. This update upgrades Firefox to version 52.3.0 ESR. Security Fix: Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox.
Categories: Security

Red Hat Security Advisory 2017-1832-01

Packet storm - Thu, 2017-08-10 14:15
Red Hat Security Advisory 2017-1832-01 - Red Hat JBoss Fuse, based on Apache ServiceMix, provides a small-footprint, flexible, open source enterprise service bus and integration platform. Red Hat JBoss A-MQ, based on Apache ActiveMQ, is a standards compliant messaging system that is tailored for use in mission critical applications. This patch is an update to Red Hat JBoss Fuse 6.3 and Red Hat JBoss A-MQ 6.3. It includes bug fixes and enhancements, which are documented in the readme.txt file included with the patch files. Multiple security issues have been addressed.
Categories: Security

Debian Security Advisory 3936-1

Packet storm - Thu, 2017-08-10 14:14
Debian Linux Security Advisory 3936-1 - Several vulnerabilities have been found in the PostgreSQL database system.
Categories: Security

Debian Security Advisory 3935-1

Packet storm - Thu, 2017-08-10 14:13
Debian Linux Security Advisory 3935-1 - Several vulnerabilities have been found in the PostgreSQL database system.
Categories: Security

HP Security Bulletin HPESB3P03762 1

Packet storm - Thu, 2017-08-10 14:12
HP Security Bulletin HPESB3P03762 1 - HPE StoreFabric C-series Switch Software uses Cisco's Prime Data Center Network Manager (DCNM). Cisco has identified a remote code execution vulnerability in two versions of Cisco Prime Data Center Network Manager (DCNM) which HPE had included for download for customers under contract from the HPE Support Center. The affected versions of DCNM are 10.1(1) and 10.1(2). HPE bundled these DCNM versions with the following MDS and Nexus firmware downloads:
* MDS 7.3(0)DY(1), released February 2017
* MDS 7.3(1)DY(1), released April 2017
* Nexus 5.2(1)N1(9b), released May 2017
**Note:** A vulnerability in the role-based access control (RBAC) functionality of Cisco Prime Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to access sensitive information or execute arbitrary code with root privileges on an affected system. The vulnerability is due to the lack of authentication and authorization mechanisms for a debugging tool that was inadvertently enabled in the affected software. An attacker could exploit this vulnerability by remotely connecting to the debugging tool via TCP. A successful exploit could allow the attacker to access sensitive information about the affected software or execute arbitrary code with root privileges on the affected system. Revision 1 of this advisory.
Categories: Security

Slackware Security Advisory - mozilla-firefox Updates

Packet storm - Thu, 2017-08-10 01:24
Slackware Security Advisory - New mozilla-firefox packages are available for Slackware 14.2 and -current to fix security issues.
Categories: Security

Slackware Security Advisory - curl Updates

Packet storm - Thu, 2017-08-10 01:23
Slackware Security Advisory - New curl packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, 14.2, and -current to fix security issues.
Categories: Security

Mobius Forensic Toolkit 0.5.30

Packet storm - Thu, 2017-08-10 00:22
Mobius Forensic Toolkit is a forensic framework written in Python/GTK that manages cases and case items, providing an abstract interface for developing extensions. Cases and item categories are defined using XML files for easy integration with other tools.
Categories: Security

DALIM SOFTWARE ES Core 5.0 Build 7184.1 XSS / CSRF

Packet storm - Thu, 2017-08-10 00:22
DALIM SOFTWARE ES Core version 5.0 build 7184.1 suffers from cross site request forgery and cross site scripting vulnerabilities.
Categories: Security

DALIM SOFTWARE ES Core 5.0 Build 7184.1 File Disclosure

Packet storm - Wed, 2017-08-09 22:22
DALIM SOFTWARE ES Core version 5.0 build 7184.1 suffers from multiple remote file disclosure vulnerabilities.
Categories: Security

DALIM SOFTWARE ES Core 5.0 Build 7184.1 SSRF

Packet storm - Wed, 2017-08-09 21:11
DALIM SOFTWARE ES Core version 5.0 build 7184.1 suffers from a server-side request forgery vulnerability.
Categories: Security

Faraday 2.6.2

Packet storm - Wed, 2017-08-09 19:22
Faraday is a tool that introduces a new concept called IPE, or Integrated Penetration-Test Environment. It is a multiuser penetration test IDE designed for distribution, indexation and analysis of the generated data during the process of a security audit. The main purpose of Faraday is to re-use the available tools in the community to take advantage of them in a multiuser way.
Categories: Security

DALIM SOFTWARE ES Core 5.0 Build 7184.1 User Enumeration

Packet storm - Wed, 2017-08-09 16:44
DALIM SOFTWARE ES Core version 5.0 build 7184.1 suffers from a user enumeration weakness.
Categories: Security

I2P 0.9.31

Packet storm - Tue, 2017-08-08 16:44
I2P is an anonymizing network, offering a simple layer that identity-sensitive applications can use to securely communicate. All data is wrapped with several layers of encryption, and the network is both distributed and dynamic, with no trusted parties. This is the source code release version.
Categories: Security

Red Hat Security Advisory 2017-2452-01

Packet storm - Tue, 2017-08-08 05:10
Red Hat Security Advisory 2017-2452-01 - OpenStack Networking is a pluggable, scalable, and API-driven system that provisions networking services to virtual machines. Its main function is to manage connectivity to and from virtual machines. Security Fix: A race-condition flaw was discovered in openstack-neutron where, following a minor overcloud update, neutron security groups were disabled. Specifically, the following were reset to 0: net.bridge.bridge-nf-call-ip6tables and net.bridge.bridge-nf-call-iptables. The race was only triggered by an update, at which point an attacker could access exposed tenant VMs and network resources.
Categories: Security