Feed aggregator

Bugtraq: APPLE-SA-2015-06-30-4 Safari 8.0.7, Safari 7.1.7, and Safari 6.2.7

APPLE-SA-2015-06-30-4 Safari 8.0.7, Safari 7.1.7, and Safari 6.2.7

Bugtraq: APPLE-SA-2015-06-30-3 Mac EFI Security Update 2015-001

APPLE-SA-2015-06-30-3 Mac EFI Security Update 2015-001

Bugtraq: APPLE-SA-2015-06-30-2 OS X Yosemite v10.10.4 and Security Update 2015-005

APPLE-SA-2015-06-30-2 OS X Yosemite v10.10.4 and Security Update 2015-005

Bugtraq: APPLE-SA-2015-06-30-1 iOS 8.4

APPLE-SA-2015-06-30-1 iOS 8.4


next-20150701: linux-next

Linux Kernel Updates - 7 hours 41 min ago
Version: next-20150701 (linux-next) Released: 2015-07-01

APPLE-SA-2015-06-30-3 Mac EFI Security Update 2015-001

BugTraq Latest Security Advisories - June 30, 2015 - 12:58pm

Posted by Apple Product Security on Jun 30

APPLE-SA-2015-06-30-3 Mac EFI Security Update 2015-001

Mac EFI Security Update 2015-001 is now available and addresses the
following:

EFI
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5
Impact: A malicious application with root privileges may be able to
modify EFI flash memory
Description: An insufficient locking issue existed with EFI flash
when resuming from sleep states. This issue was addressed through
improved locking....

APPLE-SA-2015-06-30-4 Safari 8.0.7, Safari 7.1.7, and Safari 6.2.7

BugTraq Latest Security Advisories - June 30, 2015 - 12:51pm

Posted by Apple Product Security on Jun 30

APPLE-SA-2015-06-30-4 Safari 8.0.7, Safari 7.1.7, and Safari 6.2.7

Safari 8.0.7, Safari 7.1.7, and Safari 6.2.7 are now available and
address the following:

WebKit
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
and OS X Yosemite v10.10.3
Impact: A maliciously crafted website can access the WebSQL
databases of other websites
Description: An issue existed in the authorization checks for
renaming WebSQL tables. This could...

APPLE-SA-2015-06-30-2 OS X Yosemite v10.10.4 and Security Update 2015-005

BugTraq Latest Security Advisories - June 30, 2015 - 12:38pm

Posted by Apple Product Security on Jun 30

APPLE-SA-2015-06-30-2 OS X Yosemite v10.10.4 and Security Update
2015-005

OS X Yosemite v10.10.4 and Security Update 2015-005 are now available
and address the following:

Admin Framework
Available for: OS X Mavericks v10.9.5,
OS X Yosemite v10.10 to v10.10.3
Impact: A process may gain admin privileges without proper
authentication
Description: An issue existed when checking XPC entitlements. This
issue was addressed through improved...

Bugtraq: Google Chrome Address Spoofing (Request For Comment)

Security Focus Latest Security Advisories - June 30, 2015 - 12:30pm
Google Chrome Address Spoofing (Request For Comment)

Bugtraq: CVE-2015-4674 - TimeDoctor autoupdate over plain-HTTP

Security Focus Latest Security Advisories - June 30, 2015 - 12:30pm
CVE-2015-4674 - TimeDoctor autoupdate over plain-HTTP

Bugtraq: [SECURITY] [DSA 3297-1] unattended-upgrades security update

Security Focus Latest Security Advisories - June 30, 2015 - 12:30pm
[SECURITY] [DSA 3297-1] unattended-upgrades security update

Bugtraq: [SECURITY] [DSA 3296-1] libcrypto++ security update

Security Focus Latest Security Advisories - June 30, 2015 - 12:30pm
[SECURITY] [DSA 3296-1] libcrypto++ security update

APPLE-SA-2015-06-30-1 iOS 8.4

BugTraq Latest Security Advisories - June 30, 2015 - 12:27pm

Posted by Apple Product Security on Jun 30

APPLE-SA-2015-06-30-1 iOS 8.4

iOS 8.4 is now available and addresses the following:

Application Store
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A malicious universal provisioning profile app may prevent
apps from launching
Description: An issue existed in the install logic for universal
provisioning profile apps, which allowed a collision to occur with
existing bundle IDs. This issue...

Bugtraq: novius-os.5.0.1 Persistent XSS, LFI & Open Redirect Vulnerabilities

novius-os.5.0.1 Persistent XSS, LFI & Open Redirect Vulnerabilities

Google Chrome Address Spoofing (Request For Comment)

BugTraq Latest Security Advisories - June 30, 2015 - 7:21am

Posted by David Leo on Jun 30

Impact:
The "click to verify" thing is completely broken...
Anyone can be "BBB Accredited Business" etc.
You can make whitehouse.gov display "We love Islamic State" :-)

Note:
No user interaction on the fake page.

Code:
***** index.html
<script>
function next()
{
w.location.replace('http://www.oracle.com/index.html?'+n);n++;
setTimeout("next();",15);...

CVE-2015-4674 - TimeDoctor autoupdate over plain-HTTP

BugTraq Latest Security Advisories - June 30, 2015 - 6:15am

Posted by Fernando Muñoz on Jun 30

TimeDoctor claims to be a software that helps to improve the
productivity of teams, reduce time spent on distractions [1]

Vulnerability:
TimeDoctor autoupdate feature downloads and executes files over plain
HTTP and doesn't perform any check with the files. An attacker with
MITM capabilities (i.e., when user connects to a public wifi) could
override the Timedoctor subdomain and then execute custom binaries on
the machine where the...

Bugtraq: CollabNet Subversion Edge indes local file inclusion

CollabNet Subversion Edge indes local file inclusion

next-20150630: linux-next

Linux Kernel Updates - June 30, 2015 - 12:47am
Version: next-20150630 (linux-next) Released: 2015-06-30

4.1.1: stable

Linux Kernel Updates - June 29, 2015 - 2:55pm
Version: 4.1.1 (stable) Released: 2015-06-29 Source: linux-4.1.1.tar.xz PGP Signature: linux-4.1.1.tar.sign Patch: patch-4.1.1.xz ChangeLog: ChangeLog-4.1.1