Feed aggregator

Craiglist Gold 'catid' Parameter SQL Injection Vulnerability

CONFidence - May, 28-29, Krakow, Poland - a conference adventure that never stops!

[slackware-security] ruby (SSA:2013-136-02)

[slackware-security] mozilla-thunderbird x86_64 packages (SSA:2013-136-01)

APPLE-SA-2013-05-16-1 iTunes 11.0.3

News, Infocus, Columns, Vulnerabilities, Bugtraq ...

Version:3.0.79 (longterm) Released:2013-05-19 Source:linux-3.0.79.tar.xz PGP Signature:linux-3.0.79.tar.sign Patch:patch-3.0.79.xz (Incremental) ChangeLog:ChangeLog-3.0.79

Posted by Sławomir Jabs on May 17

Everything has a story, everything evolves, adapts to changing circumstances
but does your IT Sec strategy evolve with the development of the digital
world?

Are you wiling to gamble on the security of you systems?

Join the upcoming CONFidence conference and meet both renown speakers and
specialists who deal with the IT security on a daily basis. People like,
you, who never stop asking questions and play with risks all the time...

We will...

Posted by Slackware Security Team on May 17

[slackware-security] ruby (SSA:2013-136-02)

New ruby packages are available for Slackware 13.1, 13.37, 14.0, and -current
to fix a security issue.

Here are the details from the Slackware 14.0 ChangeLog:
+--------------------------+
patches/packages/ruby-1.9.3_p429-i486-1_slack14.0.txz: Upgraded.
This update fixes a security issue in DL and Fiddle included in Ruby where
tainted strings can be used by system calls regardless of the $SAFE...

Posted by Slackware Security Team on May 17

[slackware-security] mozilla-thunderbird x86_64 packages (SSA:2013-136-01)

New mozilla-thunderbird packages are available for Slackware64 13.37 and
14.0. These were accidentally omitted from the last upload.

Here are the details from the Slackware64 14.0 ChangeLog:
+--------------------------+
patches/packages/mozilla-thunderbird-17.0.6-x86_64-1_slack14.0.txz: Upgraded.
Here's the package that was missing from the last batch. The...

Posted by Apple Product Security on May 17

APPLE-SA-2013-05-16-1 iTunes 11.0.3

iTunes 11.0.3 is now available and addresses the following:

iTunes
Available for: Mac OS X v10.6.8 or later, Windows 7, Vista,
XP SP2 or later
Impact: An attacker in a privileged network position may manipulate
HTTPS server certificates, leading to the disclosure of sensitive
information
Description: A certificate validation issue existed in iTunes. In
certain contexts, an active network attacker could...

ESA-2013-029: RSA SecurID Sensitive Information Disclosure Vulnerability

ESA-2013-041: EMC VNX and Celerra Control Station Elevation of Privilege Vulnerability

[slackware-security] mozilla-thunderbird (SSA:2013-135-02)

[slackware-security] mozilla-firefox (SSA:2013-135-01)

Version:next-20130517 (linux-next) Released:2013-05-17

OpenStack Keystone Tokens Validation Security Bypass Vulnerability

RETIRED: ownCloud Multiple Security Vulnerabilities

OpenStack Compute (Nova) CVE-2013-2096 Denial of Service Vulnerability

RETIRED: WebKit Multiple Unspecified Memory Corruption Vulnerabilities