Feed aggregator

[SECURITY] [DSA 2667-1] mysql-5.5 security update

BugTraq Latest Security Advisories - May 13, 2013 - 10:05am

Posted by Moritz Muehlenhoff on May 13

-------------------------------------------------------------------------
Debian Security Advisory DSA-2667-1 security () debian org
http://www.debian.org/security/ Moritz Muehlenhoff
May 12, 2013 http://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : mysql-5.5
Vulnerability : several
Problem type : remote...

[SECURITY] [DSA 2666-1] xen security update

BugTraq Latest Security Advisories - May 13, 2013 - 9:53am

Posted by Salvatore Bonaccorso on May 13

-------------------------------------------------------------------------
Debian Security Advisory DSA-2666-1 security () debian org
http://www.debian.org/security/ Salvatore Bonaccorso
May 12, 2013 http://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : xen
Vulnerability : several
Problem type : remote...

WASC Announcement: Static Analysis Technologies Evaluation Criteria Published

BugTraq Latest Security Advisories - May 13, 2013 - 9:35am

Posted by announcements on May 13

The Web Application Security Consortium (WASC) is pleased to announce the
Static Analysis Technologies Evaluation Criteria. The goal of the SATEC
project is to create a vendor-neutral set of criteria to help guide
application security professionals during the process of acquiring a
static code analysis technology that is intended to be used during
source-code driven security programs. This document provides a
comprehensive list of criteria that...

ESA-2013-031: RSA® Authentication Agent Cross-Site Scripting (XSS) Vulnerability

BugTraq Latest Security Advisories - May 10, 2013 - 1:19pm

Posted by Security Alert on May 10

ESA-2013-031: RSA® Authentication Agent Cross-Site Scripting (XSS) Vulnerability

EMC Identifier: ESA-2013-031

CVE Identifier: CVE-2013-0942

Severity Rating: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)

Affected Products:

RSA® Authentication Agent 7.1 for Web for Internet Information Services
RSA® Authentication Agent 7.1 for Web for Apache

Summary:

RSA Authentication Agent contains a cross-site scripting (XSS)...

[SECURITY] CVE-2012-3544 Chunked transfer encoding extension size is not limited

BugTraq Latest Security Advisories - May 10, 2013 - 1:02pm

Posted by Mark Thomas on May 10

CVE-2012-3544 Chunked transfer encoding extension size is not limited

Severity: Important

Vendor: The Apache Software Foundation

Versions Affected:
- Tomcat 7.0.0 to 7.0.29
- Tomcat 6.0.0 to 6.0.36

Description:
When processing a request submitted using the chunked transfer encoding,
Tomcat ignored but did not limit any extensions that were included. This
allows a client to perform a limited DOS by streaming an unlimited
amount of data to the...

[SECURITY] CVE-2013-2067 Session fixation with FORM authenticator

BugTraq Latest Security Advisories - May 10, 2013 - 12:46pm

Posted by Mark Thomas on May 10

CVE-2013-2067 Session fixation with FORM authenticator

Severity: Important

Vendor: The Apache Software Foundation

Versions Affected:
- Tomcat 7.0.0 to 7.0.32
- Tomcat 6.0.21 to 6.0.36

Description:
FORM authentication associates the most recent request requiring
authentication with the current session. By repeatedly sending a request
for an authenticated resource while the victim is completing the login
form, an attacker could inject a request...

CVE-2013-2071 Request mix-up if AsyncListener method throws RuntimeException

BugTraq Latest Security Advisories - May 10, 2013 - 12:32pm

Posted by Mark Thomas on May 10

CVE-2013-2071 Request mix-up if AsyncListener method throws
RuntimeException

Severity: Moderate

Vendor: The Apache Software Foundation

Versions Affected:
- Tomcat 7.0.0 to 7.0.39

Description:
Bug 54178 described a scenario where elements of a previous request may
be exposed to a current request. This was very difficult to exploit
deliberately but fairly likely to happen unexpectedly if an application
used AsyncListeners that...

CFP: Hacktivity 2013, October 11-12, Budapest, Hungary

BugTraq Latest Security Advisories - May 10, 2013 - 12:19pm

Posted by cfp on May 10

Hi,

Hacktivity is the largest IT Security Festival in CEE region which will be held between October 11-12, 2013 in
Budapest, Hungary.

Hacktivity traditionally brings together the official and alternative representatives of information security
profession with all those interested in the area, in an informal, yet educational, and usually deep into the technical
form.

We are seeking submissions for the conference track, 40 minutes "Hello...

Costales: How can you create a Transmission blocklist rules?

LinuxLeak News - December 4, 2012 - 2:21pm
In Transmission: Edit / Preferences / Privacy / Enable blocklist. Add the URL from below and click Update. http://list.iblocklist.com/?listbt_level1&fileformatp2p&archiveformatgz FYI: Why should you set a blocklist? ;) Answer by mikewhatever in Ubuntu ...

Ubuntu’s Popularity Is Not Declining

LinuxLeak News - November 29, 2012 - 1:39am
Ubuntu’s Popularity Is Not Declining | Fedora 16 vs. Ubuntu 11.10 Performance Benchmarks | A few useful tweaks for Ubuntu | ‘Foss Yeaaaah!’ – A Song About Unity, GNOME and Ubuntu | Ubuntu vs LinuxMint: Distrowatch Ratings Don't Matter | List Of Unity Keyboard Shortcuts | Asus and ...

Giving thanks for classic desktop options

LinuxLeak News - November 23, 2012 - 9:22pm
zdnet.com: There’s always something to be thankful for and I’m thankful for the ability to select a classic version of my favorite desktop interfaces. read ...

FB Gamer 1.2

LinuxLeak News - November 23, 2012 - 6:06am
Play FB's Games in fullwindow (no adverts, ...

SD Tools 1.2.2

LinuxLeak News - November 23, 2012 - 4:13am
Provides sharedir.com tools for working with rapidshare, fileserve, hotfile and other popular file sharing sites via right-click or Tools ...

SD Tools 1.2.2

LinuxLeak News - November 23, 2012 - 3:45am
Provides sharedir.com tools for working with rapidshare, fileserve, hotfile and other popular file sharing sites via right-click or Tools ...

pgpsubmit 0.2

LinuxLeak News - November 22, 2012 - 5:57pm
WSGI PGP public key submission ...

Red Hat Hiring interaction designer

LinuxLeak News - November 22, 2012 - 4:29pm
linuxgrrl.com: Red Hat is looking for a talented, Linux & free software-friendly interaction designer to work with me on making Fedora and Red Hat Enterprise Linux easier to use. read ...

Why I’m quitting the Debian Lineup

LinuxLeak News - November 22, 2012 - 12:35pm
Being an advocate of Linux Mint, which is a derivative based on Ubuntu, which is a derivative of Debian; I noticed a nasty bug back in July of 2011. Ubuntu 11.04 was released in April of that year and I waited for ...

git-review 1.6

LinuxLeak News - November 22, 2012 - 3:51am
Tool to submit code to ...