(Feb 13) Updated mysql55-mysql packages that fix several security issues are now available for Red Hat Software Collections 1. The Red Hat Security Response Team has rated this update as having moderate [More…]
cPanel TSR 2014-0002 Full Disclosure Case 89985 Summary Disclosure of cpanel-horde’s MySQL password due to world-readable backups. Security Rating cPanel has assigned a Security Level of Important to this vulnerability. Description During the upgrade to Horde 5 on 11.42 systems, a backup tarball of the existing Horde configuration files is …
(Feb 13) USN-2098-1 introduced a regression in LibYAML.
(Feb 13) An updated piranha package that fixes one security issue is now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having [More…]
(Feb 13) An updated piranha package that fixes one security issue and one bug is now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having [More…]
(Feb 12) The security update released in DSA-2850-1 for libyaml introduced a regression in libyaml failing to parse a subset of valid yaml documents. For reference the original advisory text follows. [More…]
(Feb 11) Holger Levsen discovered that parcimonie, a privacy-friendly helper to refresh a GnuPG keyring, is affected by a design problem that undermines the usefulness of this piece of software in the intended threat model. [More…]
(Feb 11) Libav could be made to crash or run programs as your login if it opened aspecially crafted file.
(Feb 12) LXC would allow unintended access to the host, bypassing intendedconfinement.
(Feb 12) Updated kvm packages that fix two security issues are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having [More…]
(Feb 12) Updated mysql packages that fix several security issues and one bug are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having Moderate [More…]
cPanel TSR-2014-0002 Announcement cPanel has released a new build for the 11.42, CURRENT, and EDGE update tiers. This update provides targeted changes to address security concerns with the 11.42 release of the cPanel & WHM product. This build is currently available to all customers via the standard update system. cPanel …
(Feb 7) It was discovered that the Apache Commons FileUpload package for Java could enter an infinite loop while processing a multipart request with a crafted Content-Type, resulting in a denial-of-service condition. [More…]
(Feb 10) Multiple vulnerabilities have been discovered in Pidgin, a multi-protocol instant messaging client: CVE-2013-6477 [More…]
(Feb 10) libgadu could be made to crash or run programs if it received speciallycrafted network traffic.
(Feb 10) Firefox could be made to crash or run programs as your login if itopened a malicious website.
(Feb 10) An updated wget package that fixes one security issue and one bug is now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having Low [More…]
Netcraft has found dozens of fake SSL certificates impersonating banks, ecommerce sites, ISPs and social networks. Some of these certificates may be used to carry out man-in-the-middle attacks against the affected companies and their customers. Successful attacks would allow criminals to decrypt legitimate online banking traffic before re-encrypting it and forwarding it to the bank. […]
GCHQ’s website at www.gchq.gov.uk is exhibiting some noticeable performance issues today, suggesting that it could be suffering from a denial of service attack. Last week, documents from whistle-blower Edward Snowden revealed that GCHQ carried out denial of service (DoS) attacks against communications systems used by the hacktivist group Anonymous during their own Operation […]
(Feb 10) Multiple security issues have been found in Iceweasel, Debian’s version of the Mozilla Firefox web browser: Multiple memory safety errors, use-after-frees, too-verbose error messages and missing permission checks may lead to the execution of arbitrary code, the bypass of security [More…]
(Feb 8) It was discovered by the Spring development team that the fix for the XML External Entity (XXE) Injection (CVE-2013-4152) in the Spring Framework was incomplete. [More…]
2/10/2014 Houston, TX – cPanel, Inc. has released EasyApache 3.24. This version removes Apache 1.3/2.0, PHP 5.2, and mod_frontpage. As mentioned in Introducing EasyApache’s Optimal Profiles, these End of Life (EOL) items are no longer available in EasyApache. These items have been removed for the following reasons: They are no …
(Feb 4) Updated java-1.6.0-ibm packages that fix several security issues are now available for Red Hat Enterprise Linux 5 and 6 Supplementary. The Red Hat Security Response Team has rated this update as having critical [More…]
(Feb 6) Yves Younan and Ryan Pentney discovered that libgadu, a library for accessing the Gadu-Gadu instant messaging service, contained an integer overflow leading to a buffer overflow. Attackers which impersonate the server could crash clients and potentially execute [More…]
(Feb 5) Pedro Ribeiro from Agile Information Security found a possible remote code execution on Horde3, a web application framework. Unsanitized variables are passed to the unserialize() PHP function. A remote attacker could specially-crafted one of those variables allowing her to load and [More…]
(Feb 4) LibYAML could be made to crash or run programs if it opened speciallycrafted yaml document.
(Feb 4) Updated java-1.5.0-ibm packages that fix several security issues are now available for Red Hat Enterprise Linux 5 and 6 Supplementary. The Red Hat Security Response Team has rated this update as having [More…]
(Feb 4) Updated java-1.7.0-ibm packages that fix several security issues are now available for Red Hat Enterprise Linux 5 and 6 Supplementary. The Red Hat Security Response Team has rated this update as having critical [More…]
(Feb 5) Several security issues have been corrected in multiple demuxers and decoders of the libav multimedia library. The IDs mentioned above are just a portion of the security issues fixed in this update. A full list of the changes is available at [More…]
(Feb 5) Several issues have been discovered in mumble, a low latency VoIP client. The Common Vulnerabilities and Exposures project identifies the following issues: [More…]
58 queries. 8.75 mb Memory usage. 1.305 seconds.