BugTraq Latest Security Advisories

The premier general security mailing list. Vulnerabilities are often announced here first, so check frequently!

Apple libc incomplete fix of Security Update for OS X El Capitan 10.11.2

August 26, 2016 - 8:22am

Posted by submit on Aug 26

--------------------------------------------------------------------------------
Apple libc incomplete fix of Security Update for OS X El Capitan 10.11.2
Credit: Maksymilian Arciemowicz from CXSECURITY.COM
URL: https://cxsecurity.com/issue/WLB-2016080232
--------------------------------------------------------------------------------

Apple tried to fix security issue in file system (FTS) libc implementation but doesn't patch it completely....

[SECURITY] [DSA 3654-1] quagga security update

August 26, 2016 - 12:31am

Posted by Sebastien Delafond on Aug 25

-------------------------------------------------------------------------
Debian Security Advisory DSA-3654-1 security () debian org
https://www.debian.org/security/ Sebastien Delafond
August 26, 2016 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : quagga
CVE ID : CVE-2016-4036 CVE-2016-4049
Debian...

Necroscan <= v0.9.1 Buffer Overflow

August 26, 2016 - 12:22am

Posted by hyp3rlinx on Aug 25

[+] Credits: John Page aka HYP3RLINX

[+] Website: hyp3rlinx.altervista.org

[+] Source: http://hyp3rlinx.altervista.org/advisories/NECROSCAN-BUFFER-OVERFLOW.txt

[+] ISR: ApparitionSec

Vendor:
===================
nscan.hypermart.net

Product:
======================================
NECROSOFT NScan version <= v0.9.1
ver 0.666 build 13
circa 1999

NScan is one of the most fast and flexible portscanners for Windows. It is specially...

[SECURITY] [DSA 3652-1] imagemagick security update

August 26, 2016 - 12:13am

Posted by Moritz Muehlenhoff on Aug 25

-------------------------------------------------------------------------
Debian Security Advisory DSA-3652-1 security () debian org
https://www.debian.org/security/ Moritz Muehlenhoff
August 25, 2016 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : imagemagick
CVE ID : CVE-2016-4562 CVE-2016-4563...

APPLE-SA-2016-08-25-1 iOS 9.3.5

August 25, 2016 - 3:03pm

Posted by Apple Product Security on Aug 25

APPLE-SA-2016-08-25-1 iOS 9.3.5

iOS 9.3.5 is now available and addresses the following:

Kernel
Available for: iPhone 4s and later, iPad 2 and later, iPod touch (5th generation) and later
Impact: An application may be able to disclose kernel memory
Description: A validation issue was addressed through improved input sanitization.
CVE-2016-4655: Citizen Lab and Lookout

Kernel
Available for: iPhone 4s and later, iPad 2 and later, iPod touch (5th...

SEC Consult SA-20160825-0 :: Multiple vulnerabilities in Micro Focus (Novell) GroupWise

August 25, 2016 - 3:29am

Posted by SEC Consult Vulnerability Lab on Aug 25

SEC Consult Vulnerability Lab Security Advisory < 20160825-0 >
=======================================================================
title: Multiple vulnerabilities
product: Micro Focus GroupWise
vulnerable version: GroupWise 2014 R2 (<=SP1)
GroupWise 2014
(unsupported versions may be affected)
fixed version: GroupWise 2014 R2 Service Pack 1 Hot Patch 1...

WebKitGTK+ Security Advisory WSA-2016-0005

August 25, 2016 - 12:55am

Posted by Carlos Alberto Lopez Perez on Aug 24

------------------------------------------------------------------------
WebKitGTK+ Security Advisory WSA-2016-0005
------------------------------------------------------------------------

Date reported : August 25, 2016
Advisory ID : WSA-2016-0005
Advisory URL : https://webkitgtk.org/security/WSA-2016-0005.html
CVE identifiers : CVE-2016-4583, CVE-2016-4585, CVE-2016-4586,...

nullcon 8-bit Call for Papers is open

August 24, 2016 - 3:12am

Posted by nullcon on Aug 24

Dear Hackers and Security Pros,

Welcome to nullcon 8-bit!
nullcon is an annual security conference held in Goa, India. The focus
of the conference is to showcase the next generation of offensive and
defensive security technology. We happily open doors to researchers
and hackers around the world and the universe, working on the next
big thing in security and request everyone to submit their new
research.

What is 8-bit?
As a tradition of...

[slackware-security] gnupg (SSA:2016-236-01)

August 24, 2016 - 12:19am

Posted by Slackware Security Team on Aug 23

[slackware-security] gnupg (SSA:2016-236-01)

New gnupg packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1,
14.2, and -current to fix a security issue.

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages/gnupg-1.4.21-i586-1_slack14.2.txz: Upgraded.
Fix critical security bug in the RNG [CVE-2016-6313]. An attacker who
obtains 580 bytes from the standard RNG can trivially...

[security bulletin] HPSBNS03635 rev.1 - HPE NonStop Servers OSS Script Languages running Perl and PHP, Multiple Local and Remote Vulnerabilities

August 22, 2016 - 4:22am

Posted by security-alert on Aug 22

Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05240731

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c05240731
Version: 1

HPSBNS03635 rev.1 - HPE NonStop Servers OSS Script Languages running Perl and
PHP, Multiple Local and Remote Vulnerabilities

NOTICE: The information in this Security Bulletin should be acted upon as
soon as possible....

Path traversal vulnerability in WordPress Core Ajax handlers

August 22, 2016 - 4:05am

Posted by Summer of Pwnage on Aug 22

------------------------------------------------------------------------
Path traversal vulnerability in WordPress Core Ajax handlers
------------------------------------------------------------------------
Yorick Koster, July 2016

------------------------------------------------------------------------
Abstract
------------------------------------------------------------------------
A path traversal vulnerability was found in the Core Ajax...