BugTraq Latest Security Advisories

The premier general security mailing list. Vulnerabilities are often announced here first, so check frequently!

[ MDVSA-2014:209 ] java-1.7.0-openjdk

October 24, 2014 - 11:22am

Posted by security on Oct 24

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2014:209
http://www.mandriva.com/en/support/security/
_______________________________________________________________________

Package : java-1.7.0-openjdk
Date : October 24, 2014
Affected: Business Server 1.0
_______________________________________________________________________

Problem...

[ MDVSA-2014:208 ] phpmyadmin

October 24, 2014 - 11:13am

Posted by security on Oct 24

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2014:208
http://www.mandriva.com/en/support/security/
_______________________________________________________________________

Package : phpmyadmin
Date : October 24, 2014
Affected: Business Server 1.0
_______________________________________________________________________

Problem Description:...

[ MDVSA-2014:207 ] ejabberd

October 24, 2014 - 11:03am

Posted by security on Oct 24

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2014:207
http://www.mandriva.com/en/support/security/
_______________________________________________________________________

Package : ejabberd
Date : October 24, 2014
Affected: Business Server 1.0
_______________________________________________________________________

Problem Description:...

[ MDVSA-2014:206 ] ctags

October 24, 2014 - 10:52am

Posted by security on Oct 24

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2014:206
http://www.mandriva.com/en/support/security/
_______________________________________________________________________

Package : ctags
Date : October 24, 2014
Affected: Business Server 1.0
_______________________________________________________________________

Problem Description:

Updated...

[ MDVSA-2014:205 ] lua

October 24, 2014 - 10:42am

Posted by security on Oct 24

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2014:205
http://www.mandriva.com/en/support/security/
_______________________________________________________________________

Package : lua
Date : October 24, 2014
Affected: Business Server 1.0
_______________________________________________________________________

Problem Description:

Updated lua...

[slackware-security] glibc (SSA:2014-296-01)

October 24, 2014 - 10:35am

Posted by Slackware Security Team on Oct 24

[slackware-security] glibc (SSA:2014-296-01)

New glibc packages are available for Slackware 14.1 and -current to fix
security issues.

Here are the details from the Slackware 14.1 ChangeLog:
+--------------------------+
patches/packages/glibc-2.17-i486-8_slack14.1.txz: Rebuilt.
This update fixes several security issues, and adds an extra security
hardening patch from Florian Weimer. Thanks to mancha for help with
tracking and...

[slackware-security] pidgin (SSA:2014-296-02)

October 24, 2014 - 10:27am

Posted by Slackware Security Team on Oct 24

[slackware-security] pidgin (SSA:2014-296-02)

New pidgin packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1,
and -current to fix security issues.

Here are the details from the Slackware 14.1 ChangeLog:
+--------------------------+
pidgin-2.10.10-i486-1_slack14.1.txz: Upgraded.
This update fixes several security issues:
Insufficient SSL certificate validation (CVE-2014-3694)
Remote crash parsing malformed MXit emoticon...

[KIS-2014-12] TestLink <= 1.9.12 (database.class.php) Path Disclosure Weakness

October 24, 2014 - 10:17am

Posted by Egidio Romano on Oct 24

----------------------------------------------------------------
TestLink <= 1.9.12 (database.class.php) Path Disclosure Weakness
----------------------------------------------------------------

[-] Software Link:

http://testlink.org/

[-] Affected Versions:

Version 1.9.12 and prior versions.

[-] Weakness Description:

The vulnerable code is located in the /lib/functions/database.class.php script:

208....

[KIS-2014-11] TestLink <= 1.9.12 (execSetResults.php) PHP Object Injection Vulnerability

October 24, 2014 - 10:09am

Posted by Egidio Romano on Oct 24

--------------------------------------------------------------------------
TestLink <= 1.9.12 (execSetResults.php) PHP Object Injection Vulnerability
--------------------------------------------------------------------------

[-] Software Link:

http://testlink.org/

[-] Affected Versions:

Version 1.9.12 and prior versions.

[-] Weakness Description:

The vulnerable code is located in the /lib/execute/execSetResults.php script:

428....

[SECURITY] [DSA 3055-1] pidgin security update

October 24, 2014 - 10:01am

Posted by Moritz Muehlenhoff on Oct 24

-------------------------------------------------------------------------
Debian Security Advisory DSA-3055-1 security () debian org
http://www.debian.org/security/ Moritz Muehlenhoff
October 23, 2014 http://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : pidgin
CVE ID : CVE-2014-3694 CVE-2014-3695...

OpenBSD <= 5.5 Local Kernel Panic

October 24, 2014 - 9:53am

Posted by Alejandro Hernandez on Oct 24

OpenBSD <= 5.5 (All architectures) is prone to a local DoS condition by triggering a kernel panic through a malformed
ELF executable.

A patch has been released to address this issue. See "013 Reliability Fix" at:
http://www.openbsd.org/errata55.html#013_kernexec

More details and PoC code:
http://www.ioactive.com/pdfs/IOActive_Advisory_OpenBSD_5_5_Local_Kernel_Panic.pdf

Regards,

Alejandro Hernandez
Senior Security Consultant...

[ MDVSA-2014:203 ] openssl

October 24, 2014 - 9:46am

Posted by security on Oct 24

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2014:203
http://www.mandriva.com/en/support/security/
_______________________________________________________________________

Package : openssl
Date : October 23, 2014
Affected: Business Server 1.0
_______________________________________________________________________

Problem Description:...

[ MDVSA-2014:204 ] libxml2

October 24, 2014 - 9:38am

Posted by security on Oct 24

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2014:204
http://www.mandriva.com/en/support/security/
_______________________________________________________________________

Package : libxml2
Date : October 23, 2014
Affected: Business Server 1.0
_______________________________________________________________________

Problem Description:

A...

File Manager v4.2.10 iOS - Code Execution Vulnerability

October 24, 2014 - 9:29am

Posted by Vulnerability Lab on Oct 24

Document Title:
===============
File Manager v4.2.10 iOS - Code Execution Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1343

Release Date:
=============
2014-10-21

Vulnerability Laboratory ID (VL-ID):
====================================
1343

Common Vulnerability Scoring System:
====================================
9

Product & Service Introduction:...

Dell SonicWall GMS v7.2.x - Persistent Web Vulnerability

October 24, 2014 - 9:21am

Posted by Vulnerability Lab on Oct 24

Document Title:
===============
Dell SonicWall GMS v7.2.x - Persistent Web Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1222

Release Date:
=============
2014-10-21

Vulnerability Laboratory ID (VL-ID):
====================================
1222

Common Vulnerability Scoring System:
====================================
3

Product & Service Introduction:...

[ MDVSA-2014:202 ] php

October 24, 2014 - 9:14am

Posted by security on Oct 24

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2014:202
http://www.mandriva.com/en/support/security/
_______________________________________________________________________

Package : php
Date : October 23, 2014
Affected: Business Server 1.0
_______________________________________________________________________

Problem Description:

A...

APPLE-SA-2014-10-22-1 QuickTime 7.7.6

October 24, 2014 - 9:04am

Posted by Apple Product Security on Oct 24

APPLE-SA-2014-10-22-1 QuickTime 7.7.6

QuickTime 7.7.6 is now available and addresses the following:

QuickTime
Available for: Windows 7, Vista, XP SP2 or later
Impact: Playing a maliciously crafted movie file may lead to an
unexpected application termination or arbitrary code execution
Description: A memory corruption issue existed in the handling of
RLE encoded movie files. This issue was addressed through improved
bounds checking.
CVE-ID...

ESA-2014-096: EMC Avamar Sensitive Information Disclosure Vulnerability

October 24, 2014 - 8:57am

Posted by Security Alert on Oct 24

ESA-2014-096: EMC Avamar Sensitive Information Disclosure Vulnerability

EMC Identifier: ESA-2014-096

CVE Identifier: CVE-2014-4624

Severity Rating: 7.6 (AV:N/AC:H/Au:N/C:C/I:C/A:C)

Affected products:
• EMC Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) 6.x and 7.0.x up to and including 7.0.2-43.

Summary:
EMC Avamar contains a security vulnerability that may allow a remote user to retrieve sensitive information from Avamar...

ESA-2014-094: EMC Avamar Weak Password Storage Vulnerability

October 24, 2014 - 8:46am

Posted by Security Alert on Oct 24

ESA-2014-094: EMC Avamar Weak Password Storage Vulnerability

EMC Identifier: ESA-2014-094

CVE Identifier: CVE-2014-4623

Severity Rating: 6.6 (AV:L/AC:M/Au:S/C:C/I:C/A:C)

Affected products:
• EMC Avamar Data Store (ADS) GEN4(S) and Avamar Virtual Edition (AVE) running Avamar 6.0.x, 6.1.x, and 7.0.x
running with optional Password hardening package earlier than version 2.0.0.4

Summary:
EMC ADS/AVE Password hardening package stores...

ESA-2014-087: EMC NetWorker Module for MEDITECH (NMMEDI) Information Disclosure Vulnerability

October 24, 2014 - 8:36am

Posted by Security Alert on Oct 24

ESA-2014-087: EMC NetWorker Module for MEDITECH (NMMEDI) Information Disclosure Vulnerability

EMC Identifier: ESA-2014-087

CVE Identifier: CVE-2014-4620

Severity Rating: CVSS v2 Base Score: 7.2 (AV:L/AC:L/Au:N/C:C/I:C/A:C)

Affected products:
• EMC NetWorker Module for MEDITECH (NMMEDI) version 3.0 builds 87-90.

Summary:

A vulnerability exists in the EMC NetWorker Module for MEDITECH when used with EMC RecoverPoint that could...