Feed aggregator

[slackware-security] kernel (SSA:2013-140-01)

BugTraq Latest Security Advisories - May 21, 2013 - 11:05am

Posted by Slackware Security Team on May 21

[slackware-security] kernel (SSA:2013-140-01)

New Linux kernel packages are available for Slackware 13.37 and 14.0 to fix
a security issue.

Here are the details from the Slackware 14.0 ChangeLog:
+--------------------------+
patches/packages/linux-3.2.45/*: Upgraded.
Upgraded to new kernels that fix CVE-2013-2094, a bug that can allow local
users to gain a root shell. Be sure to upgrade your initrd and reinstall
LILO after upgrading...

Sony PS3 Firmware v4.31 - Code Execution Vulnerability

BugTraq Latest Security Advisories - May 21, 2013 - 10:52am

Posted by Vulnerability Lab on May 21

Title:
======
Sony PS3 Firmware v4.31 - Code Execution Vulnerability

Date:
=====
2013-05-12

References:
===========
http://www.vulnerability-lab.com/get_content.php?id=767

VL-ID:
=====
767

Common Vulnerability Scoring System:
====================================
6.5

Introduction:
=============
The PlayStation 3 is the third home video game console produced by Sony Computer Entertainment and the successor to the
PlayStation 2 as part of the...

CVE-2013-3496. Local privilege escalation vulnerability in Infotecs products (ViPNet Client\Coordinator, SafeDisk, Personal Firewall)

BugTraq Latest Security Advisories - May 21, 2013 - 10:37am

Posted by chudakovma on May 21

CVE-2013-3496. Local privilege escalation vulnerability in Infotecs products (ViPNet Client\Coordinator, SafeDisk,
Personal Firewall)

CVE reference:
CVE-2013-3496

Credit:
Maksim Chudakov (@MChudakov)
Andrey Kurtasanov (andreykurtasanov () gmail com)

Severity:
Medium

Local\Remote:
Local

Vulnerability Class:
Privilege Escalation

Vendor URL:
http://www.infotecs.biz/

Affected OS:
Windows

Vulnerable systems:
ViPNet Client 3.2.10 (15632) and...

Revision of "IPv6 Stable Privacy Addresses" (Fwd: I-D Action: draft-ietf-6man-stable-privacy-addresses-07.txt)

BugTraq Latest Security Advisories - May 21, 2013 - 10:19am

Posted by Fernando Gont on May 21

Folks,

We have published a revision of our IETF I-D "A method for Generating
Stable Privacy-Enhanced Addresses with IPv6 Stateless Address
Autoconfiguration (SLAAC)".

This revision is available at:
<http://tools.ietf.org/html/draft-ietf-6man-stable-privacy-addresses-07>.

This proposal is key for the mitigation of address-scanning attacks,
while at the same time preventing host-tracking.

Stay tuned for more IPv6 security news...

Defense in depth -- the Microsoft way

BugTraq Latest Security Advisories - May 21, 2013 - 10:07am

Posted by Stefan Kanthak on May 21

Hi @ll,

the "Microsoft Installer" creates for applications installed via an
.MSI the following uninstall information in the Windows registry
(see <http://msdn.microsoft.com/library/aa372105.aspx>):

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall]
"UninstallString"="MsiExec.Exe /X{<GUID>}"
"ModifyPath"="MsiExec.Exe /I{<GUID>}"

Note the unqualified path...

Bugtraq: Static analysis tool exposition (SATE) V Call for participation


Bugtraq: CONFidence - May, 28-29, Krakow, Poland - a conference adventure that never stops!


Bugtraq: [slackware-security] ruby (SSA:2013-136-02)


Bugtraq: [slackware-security] mozilla-thunderbird x86_64 packages (SSA:2013-136-01)


Static analysis tool exposition (SATE) V Call for participation

BugTraq Latest Security Advisories - May 21, 2013 - 9:25am

Posted by aure on May 21

NIST is preparing the fifth Static Analysis Tool Exposition (SATE V). Briefly, participating tool makers run their
static analyzer on a set of programs. Researchers led by NIST analyze the tool reports and present the results and
experiences at a workshop. A detailed plan is available at:

http://samate.nist.gov/SATE.html

We plan to provide test cases by June 3rd. Tool makers will have until August 1st (if at all possible; September 1st at...

Bugtraq: APPLE-SA-2013-05-16-1 iTunes 11.0.3


next-20130521: linux-next

Linux Kernel Updates - May 20, 2013 - 11:56pm
Version: next-20130521 (linux-next) Released: 2013-05-21

Vuln: RETIRED: Moodle Multiple Remote Security Vulnerabilities


Vuln: Perl CVE-2012-5195 Heap-Based Memory Corruption Vulnerability


Vuln: Moodle CVE-2012-6098 Security Bypass Vulnerability


Vuln: Moodle CVE-2012-6101 Multiple URI Redirection Vulnerabilities


Vuln: Moodle CVE-2012-6104 Information Disclosure Vulnerability


Vuln: Oracle Java SE CVE-2013-2431 Remote Java Runtime Environment Vulnerability


Vuln: Oracle Java SE CVE-2013-1564 Remote Java Runtime Environment Vulnerability


Vuln: Oracle Java SE CVE-2013-2429 Remote Java Runtime Environment Vulnerability
