BugTraq Latest Security Advisories

The premier general security mailing list. Vulnerabilities are often announced here first, so check frequently!

[security bulletin] HPSBST03000 rev.1 - HP StoreEver ESL G3 Tape Library and Enterprise Library LTO-6 Tape Drives running OpenSSL, Remote Disclosure of Information

April 23, 2014 - 5:23am

Posted by security-alert on Apr 23

Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04260637

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04260637
Version: 1

HPSBST03000 rev.1 - HP StoreEver ESL G3 Tape Library and Enterprise Library
LTO-6 Tape Drives running OpenSSL, Remote Disclosure of Information

NOTICE: The information in this Security Bulletin should be acted...

APPLE-SA-2014-04-22-2 iOS 7.1.1

April 22, 2014 - 2:19pm

Posted by Apple Product Security on Apr 22

APPLE-SA-2014-04-22-2 iOS 7.1.1

iOS 7.1.1 is now available and addresses the following:

CFNetwork HTTPProtocol
Available for: iPhone 4 and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: An attacker in a privileged network position can obtain web
site credentials
Description: Set-Cookie HTTP headers would be processed even if the
connection closed before the header line was complete. An attacker
could strip security...

APPLE-SA-2014-04-22-3 Apple TV 6.1.1

April 22, 2014 - 2:11pm

Posted by Apple Product Security on Apr 22

APPLE-SA-2014-04-22-3 Apple TV 6.1.1

Apple TV 6.1.1 is now available and addresses the following:

Apple TV
Available for: Apple TV 2nd generation and later
Impact: An attacker in a privileged network position can obtain web
site credentials
Description: Set-Cookie HTTP headers would be processed even if the
connection closed before the header line was complete. An attacker
could strip security settings from the cookie by forcing the...

APPLE-SA-2014-04-22-1 Security Update 2014-002

April 22, 2014 - 2:00pm

Posted by Apple Product Security on Apr 22

APPLE-SA-2014-04-22-1 Security Update 2014-002

Security Update 2014-002 is now available and addresses the
following:

CFNetwork HTTPProtocol
Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5,
OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.2
Impact: An attacker in a privileged network position can obtain web
site credentials
Description: Set-Cookie HTTP headers would be processed even if the
connection closed before the header line...

[SECURITY] [DSA 2911-1] icedove security update

April 22, 2014 - 10:56am

Posted by Moritz Muehlenhoff on Apr 22

-------------------------------------------------------------------------
Debian Security Advisory DSA-2911-1 security () debian org
http://www.debian.org/security/ Moritz Muehlenhoff
April 22, 2014 http://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : icedove
CVE ID : CVE-2014-1493 CVE-2014-1497...

[security bulletin] HPSBMU03018 rev.1 - HP Software Asset Manager running OpenSSL, Remote Disclosure of Information

April 22, 2014 - 9:56am

Posted by security-alert on Apr 22

Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04260505

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04260505
Version: 1

HPSBMU03018 rev.1 - HP Software Asset Manager running OpenSSL, Remote
Disclosure of Information

NOTICE: The information in this Security Bulletin should be acted upon as
soon as possible.

Release Date:...

[security bulletin] HPSBMU03017 rev.1 - HP Software Connect-IT running OpenSSL, Remote Disclosure of Information

April 22, 2014 - 9:45am

Posted by security-alert on Apr 22

Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04260456

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04260456
Version: 1

HPSBMU03017 rev.1 - HP Software Connect-IT running OpenSSL, Remote Disclosure
of Information

NOTICE: The information in this Security Bulletin should be acted upon as
soon as possible.

Release Date: 2014-04-21...

[security bulletin] HPSBMU03019 rev.1 - HP Software UCMDB Browser and Configuration Manager running OpenSSL, Remote Disclosure of Information

April 22, 2014 - 9:34am

Posted by security-alert on Apr 22

Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04260353

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04260353
Version: 1

HPSBMU03019 rev.1 - HP Software UCMDB Browser and Configuration Manager
running OpenSSL, Remote Disclosure of Information

NOTICE: The information in this Security Bulletin should be acted upon as
soon as...

[slackware-security] php (SSA:2014-111-02)

April 22, 2014 - 5:50am

Posted by Slackware Security Team on Apr 22

[slackware-security] php (SSA:2014-111-02)

New php packages are available for Slackware 14.0, 14.1, and -current to
fix a security issue.

Here are the details from the Slackware 14.1 ChangeLog:
+--------------------------+
patches/packages/php-5.4.27-i486-1_slack14.1.txz: Upgraded.
This update fixes a security issue in the awk script detector
which allows context-dependent attackers to cause a denial of service
(CPU consumption)...

[slackware-security] libyaml (SSA:2014-111-01)

April 22, 2014 - 5:38am

Posted by Slackware Security Team on Apr 22

[slackware-security] libyaml (SSA:2014-111-01)

New libyaml packages are available for Slackware 13.1, 13.37, 14.0, 14.1,
and -current to fix a security issue.

Here are the details from the Slackware 14.1 ChangeLog:
+--------------------------+
patches/packages/libyaml-0.1.6-i486-1_slack14.1.txz: Upgraded.
This update fixes a heap overflow in URI escape parsing of YAML in Ruby,
where a specially crafted string could cause a heap overflow...

[SECURITY] [DSA 2901-3] wordpress regression update

April 21, 2014 - 8:11am

Posted by Salvatore Bonaccorso on Apr 21

-------------------------------------------------------------------------
Debian Security Advisory DSA-2901-3 security () debian org
http://www.debian.org/security/ Salvatore Bonaccorso
April 21, 2014 http://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : wordpress
CVE ID : CVE-2014-0165 CVE-2014-0166...

[SECURITY] [DSA 2895-2] prosody regression update

April 21, 2014 - 8:00am

Posted by Luciano Bello on Apr 21

-------------------------------------------------------------------------
Debian Security Advisory DSA-2895-2 security () debian org
http://www.debian.org/security/ Luciano Bello
April 21, 2014 http://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : prosody
CVE ID : CVE-2014-2744 CVE-2014-2745
Debian...

Multiple Vulnerabilities in MODX Revolution <= MODX 2.2.13-pl

April 21, 2014 - 7:51am

Posted by craig . arendt on Apr 21

Product description:
============
MODX (originally MODx) is a free, open source content management system and web application framework for publishing
content on the world wide web and intranets.
============

MODX Revolution Blind SQL Injection (CVE-2014-2736)
============
The application is vulnerable to blind SQL injection which is exploitable through the session ID supplied by the user.
This issue is exploitable without authentication....

Blind SQL Injection Vulnerability in KnowledgeTree <= 3.7.0.2

April 21, 2014 - 7:42am

Posted by craig . arendt on Apr 21

Product description:
============
KnowledgeTree is a document management system that makes it easy to secure, share, track and manage the documents and
records.
============

KnowledgeTree Blind SQL Injection (CVE-2014-2737)
============

The application is vulnerable to blind SQL injection which is exploitable through
/webservice/clienttools/services/mdownload.php. This issue is exploitable without authentication.

Details:...

[security bulletin] HPSBMU02994 rev.2 - HP BladeSystem c-Class Onboard Administrator (OA) running OpenSSL, Remote Disclosure of Information

April 21, 2014 - 7:31am

Posted by security-alert on Apr 21

Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04236062

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04236062
Version: 2

HPSBMU02994 rev.2 - HP BladeSystem c-Class Onboard Administrator (OA) running
OpenSSL, Remote Disclosure of Information

NOTICE: The information in this Security Bulletin should be acted upon as
soon as...

[SECURITY] CVE-2013-2187: Apache Archiva Cross-Site Scripting vulnerability

April 21, 2014 - 7:21am

Posted by Brett Porter on Apr 21

CVE-2013-2187: Apache Archiva Cross-Site Scripting vulnerability

Severity: Important

Vendor: The Apache Software Foundation

Versions Affected:
- Archiva 1.3 to Continuum 1.3.6
- The unsupported versions Archiva 1.2 to 1.2.2 are also affected.

Description:
A request that included a specially crafted request parameter could be used to inject arbitrary HTML or Javascript into
the Archiva home page.

Mitigation:
All users are recommended to...

[SECURITY] CVE-2013-2251: Apache Archiva Remote Command Execution

April 21, 2014 - 7:12am

Posted by Brett Porter on Apr 21

CVE-2013-2251: Apache Archiva Remote Command Execution

Severity: Important

Vendor: The Apache Software Foundation

Versions Affected:
- Archiva 1.3 to Continuum 1.3.6
- The unsupported versions Archiva 1.2 to 1.2.2 are also affected.

Description:
Apache Archiva is affected by a vulnerability in the version of the Struts library being used, which allows a malicious
user to run code on the server remotely. More details about the vulnerability...

[SECURITY] [DSA 2901-2] wordpress regression update

April 21, 2014 - 7:05am

Posted by Thijs Kinkhorst on Apr 21

-------------------------------------------------------------------------
Debian Security Advisory DSA-2901-2 security () debian org
http://www.debian.org/security/ Thijs Kinkhorst
April 18, 2014 http://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : wordpress
CVE ID : CVE-2014-0165 CVE-2014-0166...

[security bulletin] HPSBMU03012 rev.1 - HP Insight Management VCEM Web Client SDK (VCEMSDK) running OpenSSL, Remote Disclosure of Information

April 21, 2014 - 6:53am

Posted by security-alert on Apr 21

Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04255796

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04255796
Version: 1

HPSBMU03012 rev.1 - HP Insight Management VCEM Web Client SDK (VCEMSDK)
running OpenSSL, Remote Disclosure of Information

NOTICE: The information in this Security Bulletin should be acted upon as
soon as...

[security bulletin] HPSBMU02995 rev.4 - HP Software HP Service Manager, Asset Manager, UCMDB Browser, UCMDB Configuration Manager, Executive Scorecard, Server Automation, Diagnostics, LoadRunner, and Performance Center, running OpenSSL, Remote Disclosure

April 21, 2014 - 6:44am

Posted by security-alert on Apr 21

Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04236102

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04236102
Version: 4

HPSBMU02995 rev.4 - HP Software HP Service Manager, Asset Manager, UCMDB
Browser, UCMDB Configuration Manager, Executive Scorecard, Server Automation,
Diagnostics, LoadRunner, and Performance Center, running...