BugTraq Latest Security Advisories

The premier general security mailing list. Vulnerabilities are often announced here first, so check frequently!

APPLE-SA-2017-09-19-1 iOS 11

September 20, 2017 - 2:20am

Posted by Apple Product Security on Sep 20

APPLE-SA-2017-09-19-1 iOS 11

iOS 11 is now available and addresses the following:

Exchange ActiveSync
Available for: iPhone 5s and later, iPad Air and later,
and iPod touch 6th generation
Impact: An attacker in a privileged network position may be able to
erase a device during Exchange account setup
Description: A validation issue existed in AutoDiscover V1. This
issue was addressed through requiring TLS.
CVE-2017-7088: Ilya Nesterov, Maxim...

[slackware-security] httpd (SSA:2017-261-01)

September 19, 2017 - 3:31am

Posted by Slackware Security Team on Sep 19

[slackware-security] httpd (SSA:2017-261-01)

New httpd packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1,
14.2, and -current to fix a security issue.

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages/httpd-2.4.27-i586-2_slack14.2.txz: Rebuilt.
This update patches a security issue ("Optionsbleed") with the OPTIONS http
method which may leak arbitrary pieces of...

[slackware-security] libgcrypt (SSA:2017-261-02)

September 19, 2017 - 3:18am

Posted by Slackware Security Team on Sep 19

[slackware-security] libgcrypt (SSA:2017-261-02)

New libgcrypt packages are available for Slackware 14.2 and -current to
fix a security issue.

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages/libgcrypt-1.7.9-i586-1_slack14.2.txz: Upgraded.
Mitigate a local side-channel attack on Curve25519 dubbed "May
the Fourth be With You".
For more information, see:...

[slackware-security] ruby (SSA:2017-261-03)

September 19, 2017 - 3:07am

Posted by Slackware Security Team on Sep 19

[slackware-security] ruby (SSA:2017-261-03)

New ruby packages are available for Slackware 14.2 and -current to
fix security issues.

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages/ruby-2.2.8-i586-1_slack14.2.txz: Upgraded.
This release includes several security fixes.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0898...

Watchguard Fireware OS DOS & Stored XSS

September 19, 2017 - 2:52am

Posted by David Fernandez on Sep 19

Watchguard’s Firebox and XTM are a series of enterprise grade network
security appliances providing advanced security services like next
generation firewall, intrusion prevention, malware detection and
blockage and others. Two vulnerabilities were discovered affecting the
XML-RPC interface of the Web UI used to manage Fireware OS, the
operating system running on Watchguard Firebox and XTM appliances. To
exploit any of the flaws discovered, no...

[SECURITY] [DSA 3978-1] gdk-pixbuf security update

September 19, 2017 - 2:39am

Posted by Moritz Muehlenhoff on Sep 19

-------------------------------------------------------------------------
Debian Security Advisory DSA-3978-1 security () debian org
https://www.debian.org/security/ Moritz Muehlenhoff
September 18, 2017 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : gdk-pixbuf
CVE ID : CVE-2017-2862
Debian Bug :...

ZK Time_Web Software 2.0 - Broken Authentication

September 18, 2017 - 11:04am

Posted by Arvind Vishwakarma on Sep 18

Vulnerability Type: Broken Authentication
Vendor of Product: ZKTeco
Affected Product Code Base: ZKTime Web - 2.0.1.12280
Affected Component: ZK Time Web Interface Management.
Attack Type: Local - Unauthenticated
Impact: Information Disclosure
------------------------------------------
Product description:
ZKTime Web 2.0 is a cutting-edge Web-based Time Attendance software,
which provides stable communication for devices through GPRS/WAN,
hence,...

ZKTime_Web Software 2.0 - Cross Site Request Forgery

September 18, 2017 - 10:50am

Posted by Arvind Vishwakarma on Sep 18

Vulnerability Type: Cross Site Request Forgery (CSRF)
Vendor of Product: ZKTeco
Affected Product Code Base: ZKTime Web - 2.0.1.12280
Affected Component: ZK Time Web Interface Management.
Attack Type: Local - Authenticated
Impact: Escalation of Privileges
------------------------------------------
Product description:
ZKTime Web 2.0 is a cutting-edge Web-based Time Attendance software,
which provides stable communication for devices through...

[SECURITY] [DSA 3976-1] freexl security update

September 18, 2017 - 3:00am

Posted by Salvatore Bonaccorso on Sep 18

-------------------------------------------------------------------------
Debian Security Advisory DSA-3976-1 security () debian org
https://www.debian.org/security/ Salvatore Bonaccorso
September 17, 2017 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : freexl
CVE ID : CVE-2017-2923 CVE-2017-2924
Debian...

[slackware-security] kernel (SSA:2017-258-02)

September 18, 2017 - 2:48am

Posted by Slackware Security Team on Sep 18

[slackware-security] kernel (SSA:2017-258-02)

New kernel packages are available for Slackware 14.1, 14.2, and -current to
fix a security issue.

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages/linux-4.4.88/*: Upgraded.
This update fixes the security vulnerability known as "BlueBorne".
The native Bluetooth stack in the Linux Kernel (BlueZ), starting at
Linux kernel version...

[SECURITY] [DSA 3975-1] emacs25 security update

September 18, 2017 - 2:35am

Posted by Moritz Muehlenhoff on Sep 18

-------------------------------------------------------------------------
Debian Security Advisory DSA-3975-1 security () debian org
https://www.debian.org/security/ Moritz Muehlenhoff
September 15, 2017 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : emacs25
CVE ID : CVE-2017-14482

Charles A. Roelli...

[slackware-security] emacs (SSA:2017-255-01)

September 13, 2017 - 9:13am

Posted by Slackware Security Team on Sep 13

[slackware-security] emacs (SSA:2017-255-01)

New emacs packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1,
14.2, and -current to fix a security issue.

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages/emacs-25.3-i586-1_slack14.2.txz: Upgraded.
This update fixes a security vulnerability in Emacs. Gnus no longer
supports "richtext" and "enriched" inline...

[slackware-security] libzip (SSA:2017-255-02)

September 13, 2017 - 8:58am

Posted by Slackware Security Team on Sep 13

[slackware-security] libzip (SSA:2017-255-02)

New libzip packages are available for Slackware 14.2 and -current to
fix security issues.

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages/libzip-1.0.1-i586-3_slack14.2.txz: Rebuilt.
Fix a denial of service security issue.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14107
(* Security fix *)...