[SECURITY] [DSA 3625-1] squid3 security update
Dreammail 5 mail client XSS Vulnerability
[slackware-security] php (SSA:2016-203-02)
[slackware-security] gimp (SSA:2016-203-01)
Posted by Slackware Security Team on Jul 25
[slackware-security] bind (SSA:2016-204-01)
New bind packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1,
14.2, and -current to fix a security issue.
Here are the details from the Slackware 14.2 ChangeLog:
Fixed a security issue:
getrrsetbyname with a non absolute name could trigger an infinite
recursion bug in lwresd and named...
Posted by Kotas, Kevin J on Jul 25
CA20160721-01: Security Notice for CA eHealth
Last Updated: 2016-07-21
CA Technologies Support is alerting customers to multiple potential risks
with CA eHealth. Two vulnerabilities exist in the web interface,
CVE-2016-6151 and CVE-2016-6152, that can allow a remote
authenticated attacker to cause a denial of service condition or possibly
execute arbitrary commands. CA Technologies assigned a High risk rating
Posted by Tim Allison on Jul 25
CVE-2016-5000: XML External Entity (XXE) Vulnerability in Apache POI's XLSX2CSV Example
Vendor: The Apache Software Foundation
Versions Affected: POI 3.5-3.13
Apache POI's XLSX2CSV example uses Java's XML components to parse OpenXML files. Applications and users that use
XLSX2CSV and accept such files from end-users are vulnerable to XML External Entity (XXE) attacks, which allow remote...
Posted by lem . nikolas on Jul 25
MySQL is the most popular and most widely used database in the world. MySQL customers include NASA, US Navy, Google,
Facebook, Twitter just to cite a few..
In partnership with Oracle Inc. we have worked delicately to enhance the security of the open-source product, and to
identify and mitigate those vulnerabilities.
Sincere thanks to Oracle Inc for the prompt response and adequate mitigation to the issues.
You can get a copy of the report...
Version: next-20160725 (linux-next) Released: 2016-07-25
Google Chrome Prior to 52.0.2743.82 Multiple Security Vulnerabilities
PHP 'zip_stream.c' Integer Overflow Vulnerability
PHP '/xmlrpc/libxmlrpc/simplestring.c' Heap Buffer Overflow Vulnerability
PHP 'snmp.c' Denial of Service Vulnerability
Version: next-20160724 (linux-next) Released: 2016-07-24