(Jan 22) Updated kernel packages that fix three security issues and several bugs are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate [More…]
Archive for January, 2013
(Jan 19) The security update released in DSA 2605 for Asterisk caused a regression that could lead to crashes. Updated packages have now been made available to correct that behaviour. For reference, the original advisory text follows. [More…]
(Jan 16) QEMU could be made to crash or run programs if it received specially crafted network traffic.
(Jan 17) RPM could be made to crash or run programs if it opened a specially crafted package file.
(Jan 17) Several security issues were fixed in the kernel.
(Jan 17) Several security issues were fixed in the kernel.
(Jan 15) It was discovered that the e1000 emulation code in QEMU does not enforce frame size limits in the same way as the real hardware does. This could trigger buffer overflows in the guest operating system driver for that network card, assuming that the host system does not [More…]
(Jan 17) Several security issues were fixed in the kernel.
(Jan 17) Several security issues were fixed in the kernel.
(Jan 15) It was discovered that the e1000 emulation code in QEMU does not enforce frame size limits in the same way as the real hardware does. This could trigger buffer overflows in the guest operating system driver for that network card, assuming that the host system does not [More…]
(Jan 16) An interpretation conflict can cause the Active Record component of Rails, a web framework for the Ruby programming language, to truncate queries in unexpected ways. This may allow attackers to elevate their privileges. [More…]
(Jan 16) OpenJDK 7 could be made to crash or run programs as your login if it opened a specially crafted Java applet.
(Jan 17) RPM could incorrectly validate package signatures.
(Jan 16) Updated java-1.7.0-openjdk packages that fix two security issues are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having [More…]
(Jan 14) NSPR update to work with the new NSS.
(Jan 15) Several security issues were fixed in the kernel.
The following bug has been fixed:
[-]If the password is empty and the field loses focus, a message appears saying that the password strength is “Weak” (126906)
[-](Linux only) Custom certificate isn’t applied to domain (92428)
[-](Linux only) mailmng generates a lot of “maildirsize quota header is corrupted” messages (115308)
(Jan 13) It has been discovered that in ProFTPd, an FTP server, an attacker on the same physical host as the server may be able to perform a symlink attack that allows privilege elevation in some configurations. [More…]
(Jan 13) Several vulnerabilities were discovered in Asterisk, a PBX and telephony toolkit, that allow remote attackers to perform denial of service attacks. [More…]
(Jan 15) Several security issues were fixed in the kernel.
(Jan 15) The system could be made to leak data on the kernel stack.
(Jan 14) Updated java-1.7.0-oracle packages that fix two security issues are now available for Red Hat Enterprise Linux 5 and 6 Supplementary. The Red Hat Security Response Team has rated this update as having critical [More…]
cPanel has published a new security release, 11.34.1.7, containing Rails and ProFTPd security fixes. We recommend that all affected customers on the CURRENT, RELEASE, and STABLE tiers update to 11.34.1.7 as soon as possible. This release addresses two major vulnerabilities with Ruby on Rails (CVE-2012-5664 and CVE-2013-0156) which are resolved …
(Jan 8) Updated ruby packages that fix two security issues and one bug are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate [More…]
(Jan 8) Updated freeradius2 packages that fix one security issue and multiple bugs are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having low [More…]
State of IPv6 in cPanel & WHM
IPv4 IP allocation depletion is somewhat analogous to Y2K. The solution is essentially the same, except instead of going from 2 to 4 decimal digits in a year, we’re going from 32 to 128 binary digits in IP addresses while still supporting the …
(Jan 9) GnuPG could be made to corrupt the keyring if it imported a specially crafted key.
(Jan 8) Updated hplip3 packages that fix one security issue and one bug are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having low [More…]