(Dec 19) Marc Deslauriers discovered that curl, a file retrieval tool, would mistakenly skip verifying the CN and SAN name fields when digital signature verification was disabled in the libcurl GnuTLS backend. [More…]
Comment
(Dec 19) Keystone access controls could be circumvented via EC2-style tokens.
(Dec 19) Horizon could be made to expose sensitive information over the network.
(Dec 20) Laurent Butti and Garming Sam discored multiple vulnerabilities in the dissectors for NTLMSSPv2 and BSSGP, which could lead to denial of service or the execution of arbitrary code. [More…]
(Dec 20) Updated xorg-x11-server packages that fix one security issue are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having [More…]