Ike.ninja

(Dec 11) Update to 1.8.6 p368 This package also fixes the build failure on arm
-gnueabi systems (bug 506233), and DOS vulnerability issue on BigDecimal method
(bug 504958, CVE-2009-1904)

(Jul 22) Rafal Wojtczuk from Bromium discovered that FreeBSD wasn’t handling correctly uncanonical return addresses on Intel amd64 CPUs, allowing privilege escalation to kernel for local users. [More…]

(Dec 11) Moodle upstream has released latest stable versions (1.9.7 and 1.8.11), fixing
multiple security issues. The list for 1.9.7 release:
————————– Security issues * MSA-09-0022 – Multiple
CSRF problems fixed * MSA-09-0023 – Fixed user account disclosure in LAMS
module * MSA-09-0024 – Fixed insufficient access control in Glossary module
* MSA-09-0025 – Unneeded MD5 hashes removed from user table * MSA-09-0026 –
Fixed invalid application access control in MNET interface * MSA-09-0027 –
Ensured login information is always sent secured when using
SSL for logins * MSA-09-0028 – Passwords and secrets are no longer ever
saved in backups, new backup capabilities
moodle/backup:userinfo and moodle/restore:userinfo for
controlling who can backup/restore user data, new checks in
the security overview report help admins identify dangerous
backup permissions * MSA-09-0029 – A strong password
policy is now enabled by default, enabling password salt in
encouraged in config.php, admins are forced to change
password after the upgrade and admins can force password
change on other users via Bulk user actions *
MSA-09-0030 – New detection of insecure Flash player plugins, Moodle
won’t serve Flash to insecure plugins * MSA-09-0031 – Fixed SQL injection
in SCORM module The list for 1.8.11 release: —————————-
Security issues * MSA-09-0022 – Multiple CSRF problems fixed *
MSA-09-0023 – Fixed user account disclosure in LAMS module * MSA-09-0024 –
Fixed insufficient access control in Glossary module * MSA-09-0025 –
Unneeded MD5 hashes removed from user table * MSA-09-0026 – Fixed invalid
application access control in MNET interface * MSA-09-0027 – Ensured login
information is always sent secured when using SSL for
logins * MSA-09-0028 – Passwords and secrets are no longer ever saved in
backups, new backup capabilities moodle/backup:userinfo and
moodle/restore:userinfo for controlling who can
backup/restore user data * MSA-09-0029 – Enabling a password salt in
encouraged in config.php and admins are forced to change
password after the upgrade * MSA-09-0031 –
Fixed SQL injection in SCORM module References: ———–
http://docs.moodle.org/en/Moodle_1.9.7_release_notes
http://docs.moodle.org/en/Moodle_1.8.11_release_notes CVE Request:
———— http://www.openwall.com/lists/oss-security/2009/12/06/1

(Dec 11) Moodle upstream has released latest stable versions (1.9.7 and 1.8.11), fixing
multiple security issues. The list for 1.9.7 release:
————————– Security issues * MSA-09-0022 – Multiple
CSRF problems fixed * MSA-09-0023 – Fixed user account disclosure in LAMS
module * MSA-09-0024 – Fixed insufficient access control in Glossary module
* MSA-09-0025 – Unneeded MD5 hashes removed from user table * MSA-09-0026 –
Fixed invalid application access control in MNET interface * MSA-09-0027 –
Ensured login information is always sent secured when using
SSL for logins * MSA-09-0028 – Passwords and secrets are no longer ever
saved in backups, new backup capabilities
moodle/backup:userinfo and moodle/restore:userinfo for
controlling who can backup/restore user data, new checks in
the security overview report help admins identify dangerous
backup permissions * MSA-09-0029 – A strong password
policy is now enabled by default, enabling password salt in
encouraged in config.php, admins are forced to change
password after the upgrade and admins can force password
change on other users via Bulk user actions *
MSA-09-0030 – New detection of insecure Flash player plugins, Moodle
won’t serve Flash to insecure plugins * MSA-09-0031 – Fixed SQL injection
in SCORM module The list for 1.8.11 release: —————————-
Security issues * MSA-09-0022 – Multiple CSRF problems fixed *
MSA-09-0023 – Fixed user account disclosure in LAMS module * MSA-09-0024 –
Fixed insufficient access control in Glossary module * MSA-09-0025 –
Unneeded MD5 hashes removed from user table * MSA-09-0026 – Fixed invalid
application access control in MNET interface * MSA-09-0027 – Ensured login
information is always sent secured when using SSL for
logins * MSA-09-0028 – Passwords and secrets are no longer ever saved in
backups, new backup capabilities moodle/backup:userinfo and
moodle/restore:userinfo for controlling who can
backup/restore user data * MSA-09-0029 – Enabling a password salt in
encouraged in config.php and admins are forced to change
password after the upgrade * MSA-09-0031 –
Fixed SQL injection in SCORM module References: ———–
http://docs.moodle.org/en/Moodle_1.9.7_release_notes
http://docs.moodle.org/en/Moodle_1.8.11_release_notes CVE Request:
———— http://www.openwall.com/lists/oss-security/2009/12/06/1

(Jul 19) KDE PIM could be made to execute JavaScript if it opened a speciallycrafted email.

(Jul 18) Updated glibc packages that fix three security issues and one bug are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate [More…]