BugTraq Latest Security Advisories

The premier general security mailing list. Vulnerabilities are often announced here first, so check frequently!

[SECURITY] [DSA 3817-1] jbig2dec security update

Posted by Moritz Muehlenhoff on Mar 26

-------------------------------------------------------------------------
Debian Security Advisory DSA-3817-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
March 24, 2017                            https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : jbig2dec
CVE ID : CVE-2016-9601

Multiple security...

[SECURITY] [DSA 3816-1] samba security update

March 23, 2017 - 6:39am

Posted by Salvatore Bonaccorso on Mar 23

-------------------------------------------------------------------------
Debian Security Advisory DSA-3816-1                   security@debian.org
https://www.debian.org/security/                      Salvatore Bonaccorso
March 23, 2017                            https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : samba
CVE ID : CVE-2017-2619

Jann Horn of Google...

APPLE-SA-2017-03-22-1 iTunes for Windows 12.6

March 22, 2017 - 7:06pm

Posted by Apple Product Security on Mar 22

APPLE-SA-2017-03-22-1 iTunes for Windows 12.6

iTunes for Windows 12.6 is now available and addresses the following:

iTunes
Available for: Windows 7 and later
Impact: Multiple issues in SQLite
Description: Multiple issues existed in SQLite. These issues were
addressed by updating SQLite to version 3.15.2.
CVE-2013-7443
CVE-2015-3414
CVE-2015-3415
CVE-2015-3416
CVE-2015-3717
CVE-2015-6607
CVE-2016-6153

iTunes
Available for: Windows 7 and later...

Cisco Security Advisory: Cisco IOx Data in Motion Stack Overflow Vulnerability

March 22, 2017 - 3:16pm

Posted by psirt on Mar 22

Cisco Security Advisory: Cisco IOx Data in Motion Stack Overflow Vulnerability

Advisory ID: cisco-sa-20170322-iox

Revision: 1.0

For Public Release: 2017 March 22 16:00 GMT

Last Updated: 2017 March 22 16:00 GMT

CVE ID(s): CVE-2017-3853

CVSS Score v(3): 9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

+---------------------------------------------------------------------

Summary
=======
A vulnerability in the Data-in-Motion (DMo) process...

Cisco Security Advisory: Cisco IOS XE Software for Cisco ASR 920 Series Routers Zero Touch Provisioning Denial of Service Vulnerability

March 22, 2017 - 3:09pm

Posted by psirt on Mar 22

Cisco Security Advisory: Cisco IOS XE Software for Cisco ASR 920 Series Routers Zero Touch Provisioning Denial of Service Vulnerability

Advisory ID: cisco-sa-20170322-ztp

Revision: 1.0

For Public Release: 2017 March 22 16:00 GMT

Last Updated: 2017 March 22 16:00 GMT

CVE ID(s): CVE-2017-3859

CVSS Score v(3): 8.6 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

+---------------------------------------------------------------------

Summary...

Cisco Security Advisory: Cisco IOS and IOS XE Software Layer 2 Tunneling Protocol Denial of Service Vulnerability

March 22, 2017 - 3:00pm

Posted by psirt on Mar 22

Cisco Security Advisory: Cisco IOS and IOS XE Software Layer 2 Tunneling Protocol Denial of Service Vulnerability

Advisory ID: cisco-sa-20170322-l2tp

Revision: 1.0

For Public Release: 2017 March 22 16:00 GMT

Last Updated: 2017 March 22 16:00 GMT

CVE ID(s): CVE-2017-3857

CVSS Score v(3): 8.6 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

+---------------------------------------------------------------------

Summary
=======
A vulnerability in...

Cisco Security Advisory: Cisco IOS and IOS XE Software DHCP Client Denial of Service Vulnerability

March 22, 2017 - 2:50pm

Posted by psirt on Mar 22

Cisco Security Advisory: Cisco IOS and IOS XE Software DHCP Client Denial of Service Vulnerability

Advisory ID: cisco-sa-20170322-dhcpc

Revision: 1.0

For Public Release: 2017 March 22 16:00 GMT

Last Updated: 2017 March 22 16:00 GMT

CVE ID(s): CVE-2017-3864

CVSS Score v(3): 8.6 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

+---------------------------------------------------------------------

Summary
=======
A vulnerability in the DHCP...

SEC Consult SA-20170322-0 :: Multiple vulnerabilities in Solare Datensysteme Solar-Log devices

March 22, 2017 - 7:24am

Posted by SEC Consult Vulnerability Lab on Mar 22

SEC Consult Vulnerability Lab Security Advisory < 20170322-0 >
=======================================================================
title: Multiple vulnerabilities
product: Solare Datensysteme GmbH
Solar-Log 250/300/500/800e/1000/1000 PM+/1200/2000
vulnerable version: Firmware 2.8.4-56 / 3.5.2-85
fixed version: Firmware 3.5.3-86
CVE number: -
impact: Critical...

Defense in depth -- the Microsoft way (part 47): "AppLocker bypasses are not serviced via monthly security roll-ups"

March 21, 2017 - 1:39pm

Posted by Stefan Kanthak on Mar 21

Hi @ll,

Windows 8 and newer versions (Windows 7 and Windows Server 2008 R2
with KB2532445 or KB3125574 installed too) don't allow unprivileged
callers to circumvent AppLocker and SAFER rules via

LoadLibraryEx(TEXT("<arbitrary DLL>"), NULL, LOAD_IGNORE_CODE_AUTHZ_LEVEL);

See <https://msdn.microsoft.com/en-us/library/ms684179.aspx>
and <https://support.microsoft.com/kb/2532445>

| LOAD_IGNORE_CODE_AUTHZ_LEVEL...
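A way to check the behaviour described in the post on one's own machine, as an added example (not Stefan Kanthak's code and not Microsoft's): it calls LoadLibraryExW twice on a DLL that an enforced AppLocker or SAFER DLL rule blocks, once with dwFlags=0 and once with LOAD_IGNORE_CODE_AUTHZ_LEVEL, and compares the outcomes. It assumes that DLL rules are enforced (Application Identity service running), that the path given on the command line points at a DLL those rules block (for instance a copy of a benign DLL under %TEMP%, which the default rules do not allow), that the probe runs as the unprivileged user in question, and that a policy block surfaces as Win32 error 1260 (ERROR_ACCESS_DISABLED_BY_POLICY); the helper names try_load, verdict and probe are the example's own.

```python
"""Probe whether LOAD_IGNORE_CODE_AUTHZ_LEVEL lets an unprivileged caller load a
DLL that an AppLocker / SAFER DLL rule blocks.

The Windows calls live in try_load(); the verdict logic is pure Python so the
interpretation of the two results can be checked on any platform."""
import ctypes
import sys

LOAD_IGNORE_CODE_AUTHZ_LEVEL = 0x00000010   # winbase.h
ERROR_ACCESS_DISABLED_BY_POLICY = 1260      # winerror.h: "blocked by group policy"
                                            # (assumed to be the code a DLL-rule block yields)


def try_load(path, flags):
    """Call LoadLibraryExW(path, NULL, flags); return (loaded, win32_error). Windows only."""
    if sys.platform != "win32":
        raise OSError("LoadLibraryEx probe only runs on Windows")
    kernel32 = ctypes.WinDLL("kernel32", use_last_error=True)
    kernel32.LoadLibraryExW.restype = ctypes.c_void_p
    kernel32.LoadLibraryExW.argtypes = (ctypes.c_wchar_p, ctypes.c_void_p, ctypes.c_uint32)
    kernel32.FreeLibrary.argtypes = (ctypes.c_void_p,)
    handle = kernel32.LoadLibraryExW(path, None, flags)
    err = ctypes.get_last_error()        # captured right after the call (use_last_error=True)
    if handle:
        kernel32.FreeLibrary(handle)     # do not keep the module mapped longer than needed
        return True, 0
    return False, err


def verdict(plain, bypass):
    """Interpret the two (loaded, error) results.

    plain  : result of the load with dwFlags = 0
    bypass : result of the load with dwFlags = LOAD_IGNORE_CODE_AUTHZ_LEVEL
    """
    plain_loaded, plain_err = plain
    bypass_loaded, _ = bypass
    if plain_loaded:
        return "inconclusive: no DLL rule blocks this path, so the flag cannot be evaluated"
    if plain_err != ERROR_ACCESS_DISABLED_BY_POLICY:
        # 126 (module not found) or 193 (bad image/architecture) are the usual culprits here.
        return "inconclusive: plain load failed with Win32 error %d, not a policy block" % plain_err
    if bypass_loaded:
        return "BYPASS: LOAD_IGNORE_CODE_AUTHZ_LEVEL loaded a DLL that the policy blocks"
    return "OK: the flag is ignored for this caller; the policy still blocks the load"


def probe(path):
    """Run both loads against one DLL and return the one-line verdict."""
    return verdict(try_load(path, 0), try_load(path, LOAD_IGNORE_CODE_AUTHZ_LEVEL))


if __name__ == "__main__":
    # Usage (as a standard user, on a box with enforced DLL rules):
    #   python probe.py C:\Users\me\AppData\Local\Temp\blocked.dll
    print(probe(sys.argv[1]))
```

Read the verdict together with the rule set: an "inconclusive" result means the chosen DLL is not actually covered by an enforced DLL rule, and says nothing about the flag.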

[ERPSCAN-16-041] SAP NETWEAVER DIRECTORY CREATION OUTSIDE OF THE JVM

March 21, 2017 - 8:02am

Posted by ERPScan inc on Mar 21

Application: SAP NetWeaver
Versions Affected: SAP NetWeaver AS JAVA UMEADMIN component
Vendor URL: http://SAP.com
Bugs: Directory traversal
Reported: 04.12.2015
Vendor response: 05.12.2015
Date of Public Advisory: 13.12.2016
Reference: SAP Security Note 2310790
Author: Mathieu Geli (ERPScan)

Description

1. ADVISORY INFORMATION
Title: [ERPSCAN-16-041] SAP NETWEAVER DIRECTORY CREATION OUTSIDE OF THE JVM
Advisory ID: [ERPSCAN-16-041]
Risk: medium...

ESA-2017-010: EMC RecoverPoint SSL Stripping Vulnerability

March 20, 2017 - 2:37pm

Posted by EMC Product Security Response Center on Mar 20

ESA-2017-010: EMC RecoverPoint SSL Stripping Vulnerability

EMC Identifier: ESA-2017-010
CVE Identifier: CVE-2016-6650
Severity Rating: CVSS v3 Base Score: 6.8 (AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N)

Affected products:

• EMC RecoverPoint versions prior to 5.0

• EMC RecoverPoint for Virtual Machines versions prior to 5.0

Summary:
EMC RecoverPoint update contains a fix for a SSL Stripping Vulnerability that may potentially be...

[SECURITY] [DSA 3796-2] sitesummary regression update

March 20, 2017 - 1:16pm

Posted by Sebastien Delafond on Mar 20

-------------------------------------------------------------------------
Debian Security Advisory DSA-3796-2                   security@debian.org
https://www.debian.org/security/                       Sebastien Delafond
March 20, 2017                            https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : sitesummary
Debian Bug : 852623

DSA-3796-1 for apache2...

[security bulletin] HPSBUX03596 rev.2 - HPE HP-UX running CIFS Server (Samba), Remote Access Restriction Bypass, Unauthorized Access

March 20, 2017 - 1:05pm

Posted by security-alert on Mar 20

Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05121842

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c05121842
Version: 2

HPSBUX03596 rev.2 - HPE HP-UX running CIFS Server (Samba), Remote Access Restriction Bypass, Unauthorized Access

NOTICE: The information in this Security Bulletin should be acted upon as
soon as possible.

Release Date:...

CVE-2017-7183 ExtraPuTTY v029_RC2 TFTP Denial Of Service

March 20, 2017 - 9:03am

Posted by hyp3rlinx on Mar 20

[+] Credits: John Page AKA hyp3rlinx
[+] Website: hyp3rlinx.altervista.org
[+] Source: http://hyp3rlinx.altervista.org/advisories/EXTRAPUTTY-TFTP-DENIAL-OF-SERVICE.txt
[+] ISR: ApparitionSec

Vendor:
==================
www.extraputty.com

Product:
======================
ExtraPuTTY - v029_RC2
hash: d7212fb5bc4144ef895618187f532773

Also Vulnerable: v0.30 r15
hash: eac63550f837a98d5d52d0a19d938b91

ExtraPuTTY is a fork from 0.67...

[SECURITY] [DSA 3813-1] r-base security update

March 20, 2017 - 8:53am

Posted by Moritz Muehlenhoff on Mar 20

-------------------------------------------------------------------------
Debian Security Advisory DSA-3813-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
March 19, 2017                            https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : r-base
CVE ID : CVE-2016-8714

Cory Duplantis...

[SECURITY] [DSA 3812-1] ioquake3 security update

March 20, 2017 - 8:44am

Posted by Moritz Muehlenhoff on Mar 20

-------------------------------------------------------------------------
Debian Security Advisory DSA-3812-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
March 18, 2017                            https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : ioquake3
CVE ID : CVE-2017-6903

It was discovered...

[SECURITY] [DSA 3811-1] wireshark security update

March 20, 2017 - 8:34am

Posted by Moritz Muehlenhoff on Mar 20

-------------------------------------------------------------------------
Debian Security Advisory DSA-3811-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
March 18, 2017                            https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : wireshark
CVE ID : CVE-2017-5596 CVE-2017-5597...

Cisco Security Advisory: Cisco IOS and IOS XE Software Cluster Management Protocol Remote Code Execution Vulnerability

March 20, 2017 - 8:23am

Posted by psirt on Mar 20

Cisco Security Advisory: Cisco IOS and IOS XE Software Cluster Management Protocol Remote Code Execution Vulnerability

Advisory ID: cisco-sa-20170317-cmp

Revision: 1.0

For Public Release: 2017 March 17 16:00 GMT

Last Updated: 2017 March 17 16:00 GMT

CVE ID(s): CVE-2017-3881

CVSS Score v(3): 9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

+---------------------------------------------------------------------

Summary
=======
A...