Red Hat: 2014:0159-01: kernel: Important Advisory

Feb15
by Ike on February 15, 2014 at 5:24 pm
Posted In: Other

(Feb 11) Updated kernel packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having [More…]

└ Tags: , , ,
 Comment 

Red Hat: 2014:0173-01: mysql55-mysql: Moderate Advisory

Feb15
by Ike on February 15, 2014 at 5:24 pm
Posted In: Other

(Feb 13) Updated mysql55-mysql packages that fix several security issues are now available for Red Hat Software Collections 1. The Red Hat Security Response Team has rated this update as having moderate [More…]

└ Tags: , , ,
 Comment 

cPanel TSR 2014-0002 Full Disclosure

Feb15
by Ike on February 15, 2014 at 8:07 am
Posted In: Community, cPanel, Hosting, News, ProdDevSec, security, TSR

cPanel TSR 2014-0002 Full Disclosure

Case 89985

Summary

Disclosure of cpanel-horde’s MySQL password due to world-readable backups.

Security Rating

cPanel has assigned a Security Level of Important to this vulnerability.

Description

During the upgrade to Horde 5 on 11.42 systems, a backup tarball of the existing Horde configuration files is created. This backup tarball was created in a world-accessible directory with world-readable permissions, allowing local accounts to see the MySQL password for the shared cpanel-horde user.

Credits

This issue was discovered by Rack911.

Solution

This issue is resolved in the following builds:
11.42.0.6

For the PGP-signed message, see http://cpanel.net/wp-content/uploads/2014/02/TSR-2014-0002-Full-Disclosure.txt.

└ Tags: , , , , , , ,
 Comment 

Ubuntu: 2098-2: LibYAML regression

Feb14
by Ike on February 14, 2014 at 5:16 pm
Posted In: Other

(Feb 13) USN-2098-1 introduced a regression in LibYAML.

└ Tags:
 Comment 

Red Hat: 2014:0174-01: piranha: Important Advisory

Feb14
by Ike on February 14, 2014 at 5:16 pm
Posted In: Other

(Feb 13) An updated piranha package that fixes one security issue is now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having [More…]

└ Tags: , , ,
 Comment 

50 queries. 8.75 mb Memory usage. 0.244 seconds.