Feed aggregator
[SECURITY] [DSA 2667-1] mysql-5.5 security update
Posted by Moritz Muehlenhoff on May 13
-------------------------------------------------------------------------
Debian Security Advisory DSA-2667-1 security () debian org
http://www.debian.org/security/ Moritz Muehlenhoff
May 12, 2013 http://www.debian.org/security/faq
-------------------------------------------------------------------------
Package : mysql-5.5
Vulnerability : several
Problem type : remote...
[SECURITY] [DSA 2666-1] xen security update
Posted by Salvatore Bonaccorso on May 13
-------------------------------------------------------------------------
Debian Security Advisory DSA-2666-1 security () debian org
http://www.debian.org/security/ Salvatore Bonaccorso
May 12, 2013 http://www.debian.org/security/faq
-------------------------------------------------------------------------
Package : xen
Vulnerability : several
Problem type : remote...
WASC Announcement: Static Analysis Technologies Evaluation Criteria Published
Posted by announcements on May 13
The Web Application Security Consortium (WASC) is pleased to announce the Static Analysis Technologies Evaluation Criteria. The goal of the SATEC
project is to create a vendor-neutral set of criteria to help guide
application security professionals during the process of acquiring a
static code analysis technology that is intended to be used during
source-code driven security programs. This document provides a
comprehensive list of criteria that...
ESA-2013-031: RSA® Authentication Agent Cross-Site Scripting (XSS) Vulnerability
Posted by Security Alert on May 10
ESA-2013-031: RSA® Authentication Agent Cross-Site Scripting (XSS) Vulnerability
EMC Identifier: ESA-2013-031
CVE Identifier: CVE-2013-0942
Severity Rating: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)
Affected Products:
RSA® Authentication Agent 7.1 for Web for Internet Information Services
RSA® Authentication Agent 7.1 for Web for Apache
Summary:
RSA Authentication Agent contains a cross-site scripting (XSS)...
[SECURITY] CVE-2012-3544 Chunked transfer encoding extension size is not limited
Posted by Mark Thomas on May 10
CVE-2012-3544 Chunked transfer encoding extension size is not limited
Severity: Important
Vendor: The Apache Software Foundation
Versions Affected:
- Tomcat 7.0.0 to 7.0.29
- Tomcat 6.0.0 to 6.0.36
Description:
When processing a request submitted using the chunked transfer encoding,
Tomcat ignored but did not limit any extensions that were included. This
allows a client to perform a limited DOS by streaming an unlimited
amount of data to the...
[SECURITY] CVE-2013-2067 Session fixation with FORM authenticator
Posted by Mark Thomas on May 10
CVE-2013-2067 Session fixation with FORM authenticator
Severity: Important
Vendor: The Apache Software Foundation
Versions Affected:
- Tomcat 7.0.0 to 7.0.32
- Tomcat 6.0.21 to 6.0.36
Description:
FORM authentication associates the most recent request requiring
authentication with the current session. By repeatedly sending a request
for an authenticated resource while the victim is completing the login
form, an attacker could inject a request...
CVE-2013-2071 Request mix-up if AsyncListener method throws RuntimeException
Posted by Mark Thomas on May 10
CVE-2013-2071 Request mix-up if AsyncListener method throws RuntimeException
Severity: Moderate
Vendor: The Apache Software Foundation
Versions Affected:
- Tomcat 7.0.0 to 7.0.39
Description:
Bug 54178 described a scenario where elements of a previous request may
be exposed to a current request. This was very difficult to exploit
deliberately but fairly likely to happen unexpectedly if an application
used AsyncListeners that...
CFP: Hacktivity 2013, October 11-12, Budapest, Hungary
Posted by cfp on May 10
Hi,
Hacktivity is the largest IT Security Festival in CEE region which will be held between October 11-12, 2013 in
Budapest, Hungary.
Hacktivity traditionally brings together the official and alternative representatives of information security
profession with all those interested in the area, in an informal, yet educational, and usually deep into the technical
form.
We are seeking submissions for the conference track, 40 minutes "Hello...
Costales: How can you create a Transmission blocklist rules?
In Transmission: Edit / Preferences / Privacy / Enable blocklist. Add the URL from below and click Update.
http://list.iblocklist.com/?listbt_level1&fileformatp2p&archiveformatgz
FYI: Why should you set a blocklist? ;)
Answer by mikewhatever in Ubuntu ...
Ubuntu’s Popularity Is Not Declining
Ubuntu’s Popularity Is Not Declining Fedora 16 vs. Ubuntu 11.10 Performance Benchmarks A few useful tweaks for Ubuntu ‘Foss Yeaaaah!’ – A Song About Unity, GNOME and Ubuntu Ubuntu vs LinuxMint: Distrowatch Ratings Don't Matter List Of Unity Keyboard Shortcuts Asus and ...
Giving thanks for classic desktop options
zdnet.com: There’s always something to be thankful for and I’m thankful for the ability to select a classic version of my favorite desktop interfaces. read ...
FB Gamer 1.2
Play FB's Games in fullwindow (no adverts, ...
SD Tools 1.2.2
Provides sharedir.com tools for working with rapidshare, fileserve, hotfile and other popular file sharing sites via right-click or Tools ...
pgpsubmit 0.2
WSGI PGP public key submission ...
Red Hat Hiring interaction designer
linuxgrrl.com: Red Hat is looking for a talented, Linux & free software-friendly interaction designer to work with me on making Fedora and Red Hat Enterprise Linux easier to use. read ...
Why I’m quitting the Debian Lineup
Being an advocate of Linux Mint, which is a derivative based on Ubuntu, which is a derivative of Debian; I noticed a nasty bug back in July of 2011. Ubuntu 11.04 was released in April of that year and I waited for ...
git-review 1.6
Tool to submit code to ...

