Red Hat: 2012:1090-01: nss and nspr: Moderate Advisory
(Jul 17) Updated nss and nspr packages that fix two security issues, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 5. [More…]
(Jul 12) Several security vulnerabilities have been found in Puppet, a centralized configuration management system: CVE-2012-3864 [More…]
(Dec 9) Two security issues were found in actionpack as shipped on Fedora 10. One is
a weakness in the strip_tags function in Ruby on Rails (bug 542786,
CVE-2009-4214). The other is a possibility to circumvent protection against
cross-site request forgery (CSRF) attacks (bug 544329). This new rpm fixes
these issues.
(Dec 9) Update to 3.12.5. This update fixes the following security flaw:
CVE-2009-3555 TLS: MITM attacks via session renegotiation
(Jul 26) Two security vulnerabilities have been discovered in ISC dhcpd, a server for automatic IP address assignment, as shipped in Debian. CVE-2012-3571 [More…]
(Jul 26) DHCP could be made to crash if it received specially crafted network traffic.
(Jul 26) Bind could be made to crash if it received specially crafted network traffic.
(Jul 12) John Leitch has discovered a vulnerability in eXtplorer, a very feature rich web server file manager, which can be exploited by malicious people to conduct cross-site request forgery attacks. [More…]
(Jul 18) Updated glibc packages that fix one security issue and one bug are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate [More…]
(Jul 17) Updated nss, nss-util, and nspr packages that fix one security issue, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 6. [More…]
(Jul 17) Several vulnerabilities have been discovered in Iceweasel, a web browser based on Firefox. The included XULRunner library provides rendering services for several other applications included in Debian. [More…]
(Jul 17) Several vulnerabilities have been found in the Iceape internet suite, an unbranded version of Seamonkey: CVE-2012-1948 [More…]
(Dec 9) This update contains the latest stable release of Apache httpd. Three security
fixes are included, along with several minor bug fixes.

A flaw was found in the way the TLS/SSL (Transport Layer Security/Secure Sockets
Layer) protocols handle session renegotiation. A man-in-the-middle attacker could
use this flaw to prefix arbitrary plain text to a client’s session (for example,
an HTTPS connection to a website). This could force the server to process an
attacker’s request as if authenticated using the victim’s credentials. This
update partially mitigates this flaw for SSL sessions to HTTP servers using
mod_ssl by rejecting client-requested renegotiation. (CVE-2009-3555) Note: This
update does not fully resolve the issue for HTTPS servers. An attack is still
possible in configurations that require a server-initiated renegotiation.

A NULL pointer dereference flaw was found in the Apache mod_proxy_ftp module. A
malicious FTP server to which requests are being proxied could use this flaw to
crash an httpd child process via a malformed reply to the EPSV or PASV commands,
resulting in a limited denial of service. (CVE-2009-3094)

A second flaw was found in the Apache mod_proxy_ftp module. In a reverse proxy
configuration, a remote attacker could use this flaw to bypass intended access
restrictions by creating a carefully-crafted HTTP Authorization header, allowing
the attacker to send arbitrary commands to the FTP server. (CVE-2009-3095)

See the upstream changes file for further information:
http://www.apache.org/dist/httpd/CHANGES_2.2.14
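The NSS item above (CVE-2009-3555) and this Apache item describe the same renegotiation flaw, so one worked model serves both. The following is an added example, not code from either advisory, from the NSS project or from the Apache httpd project. It shows why "prefixing plain text" turns into a request executed with the victim's credentials: the attacker ends its prefix with an unterminated header line, so the victim's own request line is swallowed as a header value and the victim's cookie lands on the attacker's request. It also models the partial mitigation the Apache advisory describes (refusing client-requested renegotiation while still honouring server-initiated renegotiation). All request bytes, the host name `bank.example` and the cookie value are constructed placeholders; `Renegotiation`, `parse_request`, `unpatched_server`, `patched_server` and `splice_blocked` are names chosen for this example.

```python
# Added example (not from the advisories, NSS or Apache httpd): a model of the
# CVE-2009-3555 request splice and of the partial mod_ssl mitigation.
# Every byte string below is constructed for illustration.
from dataclasses import dataclass


@dataclass(frozen=True)
class Renegotiation:
    """Marker for a TLS renegotiation in the event stream the server sees."""
    initiated_by: str  # "client" or "server"


# Plaintext the attacker sends in its own TLS session before the victim's
# handshake is spliced in as a renegotiation. The last header line is left
# unterminated on purpose: the victim's request line is absorbed into it.
ATTACKER_PREFIX = (
    b"GET /account/transfer?to=attacker&amount=1000 HTTP/1.1\r\n"
    b"Host: bank.example\r\n"
    b"X-Ignore: "
)

# The victim's genuine request, carrying the victim's session cookie.
VICTIM_REQUEST = (
    b"GET /account HTTP/1.1\r\n"
    b"Host: bank.example\r\n"
    b"Cookie: session=victim-session-token\r\n"
    b"\r\n"
)


def parse_request(stream: bytes):
    """Minimal HTTP/1.x parser: (method, path, headers) for the first complete
    request in the stream, or None if the terminating blank line has not
    arrived yet."""
    head, sep, _rest = stream.partition(b"\r\n\r\n")
    if not sep:
        return None
    lines = head.split(b"\r\n")
    method, path, _version = lines[0].split(b" ", 2)
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(b":")
        headers[name.strip().lower().decode()] = value.strip().decode()
    return method.decode(), path.decode(), headers


def unpatched_server(events):
    """Pre-fix behaviour: application data before and after a renegotiation is
    one continuous HTTP stream, regardless of who authenticated in each half."""
    stream = b"".join(e for e in events if not isinstance(e, Renegotiation))
    return parse_request(stream)


def patched_server(events):
    """Behaviour after the update: client-requested renegotiation is refused,
    so the attacker cannot splice the victim's session into its own. A
    server-initiated renegotiation is still honoured, which is why the
    advisory calls the mitigation partial."""
    stream = b""
    for e in events:
        if isinstance(e, Renegotiation):
            if e.initiated_by == "client":
                raise ConnectionError("client-requested renegotiation rejected")
            continue  # server-initiated: data keeps flowing on one stream
        stream += e
    return parse_request(stream)


def splice_blocked(events) -> bool:
    """True if the patched server tears the connection down before any
    spliced request can reach the HTTP layer."""
    try:
        patched_server(events)
    except ConnectionError:
        return True
    return False


if __name__ == "__main__":
    attack = [ATTACKER_PREFIX, Renegotiation("client"), VICTIM_REQUEST]
    method, path, headers = unpatched_server(attack)
    print("unpatched server executes:", method, path)
    print("  with the victim's cookie:", headers["cookie"])
    print("  victim's request line became a header:", headers["x-ignore"])
    print("patched server blocks client-requested splice:", splice_blocked(attack))
    # Configurations that make the server renegotiate (for example a
    # per-location client-certificate requirement) still splice.
    still_vulnerable = [ATTACKER_PREFIX, Renegotiation("server"), VICTIM_REQUEST]
    print("server-initiated renegotiation still splices:", patched_server(still_vulnerable)[1])
```

The parser is deliberately naive, but the splice does not depend on it: any HTTP server reading the concatenated stream sees one request whose method and path came from the attacker and whose Cookie header came from the victim. The practical check is therefore whether your TLS endpoint ever renegotiates at all; where it must, that renegotiation needs the RFC 5746 binding, which this 2.2.14-era mitigation does not provide.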
(Dec 10) CVE-2009-4131: EXT4 – fix insufficient permission checking which could result
in arbitrary data corruption by a local unprivileged user.
(Jul 25) An updated perl-DBD-Pg package that fixes two security issues is now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having moderate [More…]
(Jul 24) Updated kernel packages that fix one security issue are now available for Red Hat Enterprise Linux 6.0 Extended Update Support. The Red Hat Security Response Team has rated this update as having [More…]
(Jul 19) tiff2pdf could be made to crash or run programs as your login if it opened a specially crafted file.
(Jul 17) Several security issues were fixed in Firefox.
(Dec 11) Update to 1.8.6 p368. This package also fixes the build failure on
arm-gnueabi systems (bug 506233), and a DoS vulnerability in the BigDecimal
method (bug 504958, CVE-2009-1904).
(Sep 9) With few junk e-mail filters supporting a protocol for verifying the source address of digital messages, spammers have adopted it themselves as a way to appear more legitimate, according to a report released on Wednesday. …
(Jul 22) Rafal Wojtczuk from Bromium discovered that FreeBSD did not correctly handle non-canonical return addresses on Intel amd64 CPUs, allowing local users to escalate privileges to the kernel. [More…]
(Dec 11) This update fixes possible DoS with mode 7 packets. (CVE-2009-3563)
(Dec 11) Moodle upstream has released latest stable versions (1.9.7 and 1.8.11), fixing
multiple security issues. The list for the 1.9.7 release:

Security issues
* MSA-09-0022 – Multiple CSRF problems fixed
* MSA-09-0023 – Fixed user account disclosure in LAMS module
* MSA-09-0024 – Fixed insufficient access control in Glossary module
* MSA-09-0025 – Unneeded MD5 hashes removed from user table
* MSA-09-0026 – Fixed invalid application access control in MNET interface
* MSA-09-0027 – Ensured login information is always sent secured when using SSL for logins
* MSA-09-0028 – Passwords and secrets are no longer ever saved in backups; new backup capabilities moodle/backup:userinfo and moodle/restore:userinfo for controlling who can backup/restore user data; new checks in the security overview report help admins identify dangerous backup permissions
* MSA-09-0029 – A strong password policy is now enabled by default, enabling a password salt is encouraged in config.php, admins are forced to change password after the upgrade and admins can force password change on other users via Bulk user actions
* MSA-09-0030 – New detection of insecure Flash player plugins; Moodle won’t serve Flash to insecure plugins
* MSA-09-0031 – Fixed SQL injection in SCORM module

The list for the 1.8.11 release:

Security issues
* MSA-09-0022 – Multiple CSRF problems fixed
* MSA-09-0023 – Fixed user account disclosure in LAMS module
* MSA-09-0024 – Fixed insufficient access control in Glossary module
* MSA-09-0025 – Unneeded MD5 hashes removed from user table
* MSA-09-0026 – Fixed invalid application access control in MNET interface
* MSA-09-0027 – Ensured login information is always sent secured when using SSL for logins
* MSA-09-0028 – Passwords and secrets are no longer ever saved in backups; new backup capabilities moodle/backup:userinfo and moodle/restore:userinfo for controlling who can backup/restore user data
* MSA-09-0029 – Enabling a password salt is encouraged in config.php and admins are forced to change password after the upgrade
* MSA-09-0031 – Fixed SQL injection in SCORM module

References:
http://docs.moodle.org/en/Moodle_1.9.7_release_notes
http://docs.moodle.org/en/Moodle_1.8.11_release_notes

CVE Request:
http://www.openwall.com/lists/oss-security/2009/12/06/1
(Jul 19) Marek Vavruša and Lubos Slovak discovered that NSD, an authoritative domain name server, is not properly handling non-standard DNS packets. This can result in a NULL pointer dereference and crash the handling process. A remote attacker can abuse this flaw to perform denial of [More…]
(Jan 9) Medusa was created by the fine folks at foofus.net; in fact, the much awaited Medusa 2.0 update was released in February of 2010. For a complete change log please visit http://www.foofus.net/jmk/med …
(Jul 23) The system could be made to crash under certain conditions.
(Jul 19) KDE PIM could be made to execute JavaScript if it opened a specially crafted email.
(Jul 23) Updated bind packages that fix one security issue are now available for Red Hat Enterprise Linux 4 Extended Life Cycle Support. The Red Hat Security Response Team has rated this update as having [More…]
(Jul 18) Updated glibc packages that fix three security issues and one bug are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate [More…]