Feed aggregator

Bugtraq: Apache HTTPD 2.4.12/ 2.2.29 Security Audit Notes - Advanced Information Security Corp

Security Focus Latest Security Advisories - April 14, 2015 - 7:15pm
Apache HTTPD 2.4.12/ 2.2.29 Security Audit Notes - Advanced Information Security Corp

3.4.107: longterm

Linux Kernel Updates - April 14, 2015 - 4:34am
Version: 3.4.107 (longterm)
Released: 2015-04-14
Source: linux-3.4.107.tar.xz
PGP Signature: linux-3.4.107.tar.sign
Patch: patch-3.4.107.xz (Incremental)
ChangeLog: ChangeLog-3.4.107

next-20150414: linux-next

Linux Kernel Updates - April 14, 2015 - 3:38am
Version: next-20150414 (linux-next)
Released: 2015-04-14

[security bulletin] HPSBOV03318 rev.1 - HP SSL for OpenVMS, Remote Denial of Service (DoS) and other Vulnerabilities

BugTraq Latest Security Advisories - April 13, 2015 - 2:08pm

Posted by security-alert on Apr 13

Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04635715

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04635715
Version: 1

HPSBOV03318 rev.1 - HP SSL for OpenVMS, Remote Denial of Service (DoS) and
other Vulnerabilities

NOTICE: The information in this Security Bulletin should be acted upon as
soon as possible.

Release Date:...

Bugtraq: [SECURITY] [DSA 3224-1] libx11 security update

Security Focus Latest Security Advisories - April 13, 2015 - 2:00pm
[SECURITY] [DSA 3224-1] libx11 security update

Bugtraq: Ruxcon 2015 Call For Presentations

Security Focus Latest Security Advisories - April 13, 2015 - 2:00pm
Ruxcon 2015 Call For Presentations

[security bulletin] HPSBHF03310 rev.2 - HP Thin Clients running Windows Embedded Standard 7 (WES7) or Windows Embedded Standard 2009 (WES09) with HP Easy Deploy, Remote Elevation of Privilege, Execution of Code

BugTraq Latest Security Advisories - April 13, 2015 - 1:59pm

Posted by security-alert on Apr 13

Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04629160

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04629160
Version: 2

HPSBHF03310 rev.2 - HP Thin Clients running Windows Embedded Standard 7
(WES7) or Windows Embedded Standard 2009 (WES09) with HP Easy Deploy, Remote
Elevation of Privilege, Execution of Code

NOTICE: The...

Apache HTTPD 2.4.12, 2.2.29 Security Audit - Advanced Information Security Corp

BugTraq Latest Security Advisories - April 13, 2015 - 9:27am

Posted by lem . nikolas on Apr 13

-=[Advanced Information Security Corp]=-

Author: Nicholas Lemonias
Advisory Date: 13/4/2015
Email: lem.nikolas (at) gmail (dot) com

Introduction
==========
During a source-code audit of the Apache HTTPD 2.2.29 release
implementation for linux; conducted internally by the Advanced
Information Security Group, instances of insecure function use were
observed, which could possibly lead to some attacks.

Software Overview
===============

The Apache...

Apache HTTPD 2.4.12/ 2.2.29 Security Audit Notes - Advanced Information Security Corp

BugTraq Latest Security Advisories - April 13, 2015 - 9:19am

Posted by Nicholas Lemonias. on Apr 13

-=[Advanced Information Security Corp]=-

Author: Nicholas Lemonias
Advisory Date: 13/4/2015
Email: lem.nikolas (at) gmail (dot) com

Introduction
==========
During a source-code audit of the Apache HTTPD 2.2.29 release
implementation for linux; conducted internally by the Advanced
Information Security Group, instances of insecure function use were
observed, which could possibly lead to some attacks.

Software Overview
===============

The Apache...

Ruxcon 2015 Call For Presentations

BugTraq Latest Security Advisories - April 13, 2015 - 9:13am

Posted by cfp on Apr 13

Ruxcon 2015 Call For Presentations
Melbourne, Australia, October 24-25
CQ Function Centre

http://www.ruxcon.org.au

The Ruxcon team is pleased to announce the first round of Call For Presentations for Ruxcon 2015.

This year the conference will take place over the weekend of the 24th and 25th of October at the CQ Function Centre,
Melbourne, Australia.

The deadline for submissions is the 30th of June, 2015.

.[x]. About Ruxcon .[x].

Ruxcon is...

[SECURITY] [DSA 3224-1] libx11 security update

BugTraq Latest Security Advisories - April 13, 2015 - 9:02am

Posted by Moritz Muehlenhoff on Apr 13

-------------------------------------------------------------------------
Debian Security Advisory DSA-3224-1 security () debian org
http://www.debian.org/security/ Moritz Muehlenhoff
April 12, 2015 http://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : libx11
CVE ID : CVE-2013-7439

Abhishek Arya...

Bugtraq: [SECURITY] [DSA 3223-1] ntp security update

Security Focus Latest Security Advisories - April 13, 2015 - 9:00am
[SECURITY] [DSA 3223-1] ntp security update

Bugtraq: [SECURITY] [DSA 3222-1] chrony security update

Security Focus Latest Security Advisories - April 13, 2015 - 9:00am
[SECURITY] [DSA 3222-1] chrony security update

[SECURITY] [DSA 3223-1] ntp security update

BugTraq Latest Security Advisories - April 13, 2015 - 8:54am

Posted by Alessandro Ghedini on Apr 13

-------------------------------------------------------------------------
Debian Security Advisory DSA-3223-1 security () debian org
http://www.debian.org/security/ Alessandro Ghedini
April 12, 2015 http://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : ntp
CVE ID : CVE-2015-1798 CVE-2015-1799
Debian Bug...

[SECURITY] [DSA 3222-1] chrony security update

BugTraq Latest Security Advisories - April 13, 2015 - 8:47am

Posted by Alessandro Ghedini on Apr 13

-------------------------------------------------------------------------
Debian Security Advisory DSA-3222-1 security () debian org
http://www.debian.org/security/ Alessandro Ghedini
April 12, 2015 http://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : chrony
CVE ID : CVE-2015-1821 CVE-2015-1822...

[SECURITY] [DSA 3221-1] das-watchdog security update

BugTraq Latest Security Advisories - April 13, 2015 - 8:39am

Posted by Salvatore Bonaccorso on Apr 13

-------------------------------------------------------------------------
Debian Security Advisory DSA-3221-1 security () debian org
http://www.debian.org/security/ Salvatore Bonaccorso
April 12, 2015 http://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : das-watchdog
CVE ID : CVE-2015-2831
Debian Bug...

Safari iOS/OS X/Windows cookie access vulnerability

BugTraq Latest Security Advisories - April 13, 2015 - 8:31am

Posted by Jouko Pynnonen on Apr 13

OVERVIEW
==========

The 4/8/2015 security updates from Apple included a patch for a Safari
cross-domain vulnerability. An attacker could create web content
which, when viewed by a target user, bypasses some of the normal
cross-domain restrictions to access or modify HTTP cookies belonging
to any website.

Most websites which allow user logins store their authentication
information (usually session keys) in cookies. Access to these cookies
would...

[SECURITY] [DSA 3220-1] libtasn1-3 security update

BugTraq Latest Security Advisories - April 13, 2015 - 8:23am

Posted by Salvatore Bonaccorso on Apr 13

-------------------------------------------------------------------------
Debian Security Advisory DSA-3220-1 security () debian org
http://www.debian.org/security/ Salvatore Bonaccorso
April 11, 2015 http://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : libtasn1-3
CVE ID : CVE-2015-2806

Hanno Boeck...

Hijacking any Weebly Website [Insecure Direct Object Reference Vulnerability]

BugTraq Latest Security Advisories - April 13, 2015 - 8:14am

Posted by huehuehuehue10 on Apr 13

Title: Hijack any website from weebly.com by just adding an administrator to their website. [Insecure Direct Object
Reference Vulnerability]

=====

Weebly is a web-hosting service that allows the user to “drag-and-drop” while using their website builder. As of August
2012, Weebly hosts over 20 million sites with a monthly rate of over 1 million unique visitors.
‘http://en.wikipedia.org/wiki/Weebly’.

Website: https://www.weebly.com

Any...

[SECURITY] [DSA 3219-1] libdbd-firebird-perl security update

BugTraq Latest Security Advisories - April 13, 2015 - 8:05am

Posted by Alessandro Ghedini on Apr 13

-------------------------------------------------------------------------
Debian Security Advisory DSA-3219-1 security () debian org
http://www.debian.org/security/ Alessandro Ghedini
April 11, 2015 http://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : libdbd-firebird-perl
CVE ID : CVE-2015-2788
Debian...