BugTraq Latest Security Advisories
The premier general security mailing list. Vulnerabilities are often announced here first, so check frequently!
[slackware-security] kernel (SSA:2013-140-01)
Posted by Slackware Security Team on May 21
New Linux kernel packages are available for Slackware 13.37 and 14.0 to fix
a security issue.
Here are the details from the Slackware 14.0 ChangeLog:
+--------------------------+
patches/packages/linux-3.2.45/*: Upgraded.
Upgraded to new kernels that fix CVE-2013-2094, a bug that can allow local
users to gain a root shell. Be sure to upgrade your initrd and reinstall
LILO after upgrading...
Sony PS3 Firmware v4.31 - Code Execution Vulnerability
Posted by Vulnerability Lab on May 21
Title:
======
Sony PS3 Firmware v4.31 - Code Execution Vulnerability
Date:
=====
2013-05-12
References:
===========
http://www.vulnerability-lab.com/get_content.php?id=767
VL-ID:
=====
767
Common Vulnerability Scoring System:
====================================
6.5
Introduction:
=============
The PlayStation 3 is the third home video game console produced by Sony Computer Entertainment and the successor to the
PlayStation 2 as part of the...
CVE-2013-3496. Local privilege escalation vulnerability in Infotecs products (ViPNet Client\Coordinator, SafeDisk, Personal Firewall)
Posted by chudakovma on May 21
CVE reference:
CVE-2013-3496
Credit:
Maksim Chudakov (@MChudakov)
Andrey Kurtasanov (andreykurtasanov () gmail com)
Severity:
Medium
Local\Remote:
Local
Vulnerability Class:
Privilege Escalation
Vendor URL:
http://www.infotecs.biz/
Affected OS:
Windows
Vulnerable systems:
ViPNet Client 3.2.10 (15632) and...
Revision of "IPv6 Stable Privacy Addresses" (Fwd: I-D Action: draft-ietf-6man-stable-privacy-addresses-07.txt)
Posted by Fernando Gont on May 21
Folks,
We have published a revision of our IETF I-D "A method for Generating
Stable Privacy-Enhanced Addresses with IPv6 Stateless Address
Autoconfiguration (SLAAC)".
This revision is available at:
<http://tools.ietf.org/html/draft-ietf-6man-stable-privacy-addresses-07>.
This proposal is key for the mitigation of address-scanning attacks,
while at the same time preventing host-tracking.
Stay tuned for more IPv6 security news...
Defense in depth -- the Microsoft way
Posted by Stefan Kanthak on May 21
Hi @ll,
the "Microsoft Installer" creates for applications installed via an
.MSI the following uninstall information in the Windows registry
(see <http://msdn.microsoft.com/library/aa372105.aspx>):
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall]
"UninstallString"="MsiExec.Exe /X{<GUID>}"
"ModifyPath"="MsiExec.Exe /I{<GUID>}"
Note the unqualified path...
Static analysis tool exposition (SATE) V Call for participation
Posted by aure on May 21
NIST is preparing the fifth Static Analysis Tool Exposition (SATE V). Briefly, participating tool makers run their
static analyzer on a set of programs. Researchers led by NIST analyze the tool reports and present the results and
experiences at a workshop. A detailed plan is available at:
http://samate.nist.gov/SATE.html
We plan to provide test cases by June 3rd. Tool makers will have until August 1st (if at all possible; September 1st at...
CONFidence - May, 28-29, Krakow, Poland - a conference adventure that never stops!
Posted by Sławomir Jabs on May 17
Everything has a story, everything evolves, adapts to changing circumstances,
but does your IT Sec strategy evolve with the development of the digital
world?
Are you willing to gamble on the security of your systems?
Join the upcoming CONFidence conference and meet both renowned speakers and
specialists who deal with IT security on a daily basis. People like you,
who never stop asking questions and play with risks all the time...
We will...
[slackware-security] ruby (SSA:2013-136-02)
Posted by Slackware Security Team on May 17
New ruby packages are available for Slackware 13.1, 13.37, 14.0, and -current
to fix a security issue.
Here are the details from the Slackware 14.0 ChangeLog:
+--------------------------+
patches/packages/ruby-1.9.3_p429-i486-1_slack14.0.txz: Upgraded.
This update fixes a security issue in DL and Fiddle included in Ruby where
tainted strings can be used by system calls regardless of the $SAFE...
[slackware-security] mozilla-thunderbird x86_64 packages (SSA:2013-136-01)
Posted by Slackware Security Team on May 17
New mozilla-thunderbird packages are available for Slackware64 13.37 and
14.0. These were accidentally omitted from the last upload.
Here are the details from the Slackware64 14.0 ChangeLog:
+--------------------------+
patches/packages/mozilla-thunderbird-17.0.6-x86_64-1_slack14.0.txz: Upgraded.
Here's the package that was missing from the last batch. The...
APPLE-SA-2013-05-16-1 iTunes 11.0.3
Posted by Apple Product Security on May 17
iTunes 11.0.3 is now available and addresses the following:
iTunes
Available for: Mac OS X v10.6.8 or later, Windows 7, Vista,
XP SP2 or later
Impact: An attacker in a privileged network position may manipulate
HTTPS server certificates, leading to the disclosure of sensitive
information
Description: A certificate validation issue existed in iTunes. In
certain contexts, an active network attacker could...
ESA-2013-029: RSA SecurID Sensitive Information Disclosure Vulnerability
Posted by Security Alert on May 16
EMC Identifier: ESA-2013-029
CVE Identifier: CVE-2013-0941
Severity Rating: CVSS v2 Base Score: 6.8 (AV:L/AC:L/Au:S/C:C/I:C/A:C)
Affected Products:
RSA Authentication API versions prior to 8.1 SP1
RSA Web Agent for Apache Web Server versions prior to 5.3.5
RSA Web Agent for IIS versions prior to 5.3.5
RSA PAM Agent versions prior to 7.0
RSA Agent for Microsoft...
ESA-2013-041: EMC VNX and Celerra Control Station Elevation of Privilege Vulnerability
Posted by Security Alert on May 16
EMC Identifier: ESA-2013-041
CVE Identifier: CVE-2013-3270
Severity Rating: CVSS v2 Base Score: 6.8 (AV:L/AC:L/Au:S/C:C/I:C/A:C)
Affected products:
EMC VNX Control Station versions prior to 7.1.70.2
EMC Celerra Control Station versions prior to 6.0.70.1
Summary:
A vulnerability exists in EMC VNX and EMC Celerra Control Station that...
[slackware-security] mozilla-thunderbird (SSA:2013-135-02)
Posted by Slackware Security Team on May 16
New mozilla-thunderbird packages are available for Slackware 13.37, 14.0,
and -current to fix security issues.
Here are the details from the Slackware 14.0 ChangeLog:
+--------------------------+
patches/packages/mozilla-thunderbird-17.0.6-i486-1_slack14.0.txz: Upgraded.
This release contains security fixes and improvements.
For more information, see:...
[slackware-security] mozilla-firefox (SSA:2013-135-01)
Posted by Slackware Security Team on May 16
New mozilla-firefox packages are available for Slackware 13.37, 14.0,
and -current to fix security issues.
Here are the details from the Slackware 14.0 ChangeLog:
+--------------------------+
patches/packages/mozilla-firefox-21.0-i486-1_slack14.0.txz: Upgraded.
This release contains security fixes and improvements.
For more information, see:...
[SECURITY] [DSA 2669-1] linux security update
Posted by dann frazier on May 16
----------------------------------------------------------------------
Debian Security Advisory DSA-2669-1                   security () debian org
http://www.debian.org/security/                                Dann Frazier
May 15, 2013                            http://www.debian.org/security/faq
----------------------------------------------------------------------
Package : linux
Vulnerability : privilege escalation/denial of service/information...
Cisco Security Advisory: Cisco TelePresence Supervisor MSE 8050 Denial of Service Vulnerability
Posted by Cisco Systems Product Security Incident Response Team on May 15
Advisory ID: cisco-sa-20130515-mse
Revision 1.0
For Public Release 2013 May 15 16:00 UTC (GMT)
+---------------------------------------------------------------------
Summary
=======
Cisco TelePresence Supervisor MSE 8050 contains a vulnerability that may allow an unauthenticated, remote attacker to
cause high CPU utilization and a reload of the...
Multiple Vulnerabilities in Exponent CMS
Posted by advisory on May 15
Advisory ID: HTB23154
Product: Exponent CMS
Vendor: Online Innovative Creations
Vulnerable Version(s): 2.2.0 beta 3 and probably prior
Tested Version: 2.2.0 beta 3
Vendor Notification: April 24, 2013
Vendor Patch: May 3, 2013
Public Disclosure: May 15, 2013
Vulnerability Type: SQL Injection [CWE-89], PHP File Inclusion [CWE-98]
CVE References: CVE-2013-3294, CVE-2013-3295
Risk Level: High
CVSSv2 Base Scores: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P),...
[ MDVSA-2013:165 ] firefox
Posted by security on May 15
_______________________________________________________________________
Mandriva Linux Security Advisory                         MDVSA-2013:165
http://www.mandriva.com/en/support/security/
_______________________________________________________________________
Package : firefox
Date : May 15, 2013
Affected: Enterprise Server 5.0
_______________________________________________________________________
Problem Description:
Multiple...
[security bulletin] HPSBUX02859 SSRT101144 rev.3 - HP-UX Running XNTP, Remote Denial of Service (DoS) and Execution of Arbitrary Code
Posted by security-alert on May 15
Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03714526
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c03714526
Version: 3
HPSBUX02859 SSRT101144 rev.3 - HP-UX Running XNTP, Remote Denial of Service
(DoS) and Execution of Arbitrary Code
NOTICE: The information in this Security Bulletin should be acted upon as
soon as possible....
[SECURITY] [DSA 2668-1] linux-2.6 security update
Posted by dann frazier on May 15
----------------------------------------------------------------------
Debian Security Advisory DSA-2668-1                   security () debian org
http://www.debian.org/security/                                Dann Frazier
May 14, 2013                            http://www.debian.org/security/faq
----------------------------------------------------------------------
Package : linux-2.6
Vulnerability : privilege escalation/denial of...