Feed aggregator

[slackware-security] mozilla-firefox (SSA:2014-204-02)

BugTraq Latest Security Advisories - July 24, 2014 - 10:39am

Posted by Slackware Security Team on Jul 24

[slackware-security] mozilla-firefox (SSA:2014-204-02)

New mozilla-firefox packages are available for Slackware 14.1 and -current to
fix security issues.

Here are the details from the Slackware 14.1 ChangeLog:
+--------------------------+
patches/packages/mozilla-firefox-24.7.0esr-i486-1_slack14.1.txz: Upgraded.
This release contains security fixes and improvements.
For more information, see:...

Bugtraq: [security bulletin] HPSBMU03076 rev.1 - HP Systems Insight Manager (SIM) on Linux and Windows running OpenSSL, Multiple Vulnerabilities

Security Focus Latest Security Advisories - July 24, 2014 - 10:30am
[security bulletin] HPSBMU03076 rev.1 - HP Systems Insight Manager (SIM) on Linux and Windows running OpenSSL, Multiple Vulnerabilities

Bugtraq: [SECURITY] [DSA 2987-1] openjdk-7 security update

Security Focus Latest Security Advisories - July 24, 2014 - 10:30am
[SECURITY] [DSA 2987-1] openjdk-7 security update

Bugtraq: [SECURITY] [DSA 2986-1] iceweasel security update

Security Focus Latest Security Advisories - July 24, 2014 - 10:30am
[SECURITY] [DSA 2986-1] iceweasel security update

Bugtraq: Beginner's error: import function of Windows Mail executes rogue program C:\Program.exe with credentials of other account

Security Focus Latest Security Advisories - July 24, 2014 - 10:30am
Beginner's error: import function of Windows Mail executes rogue program C:\Program.exe with credentials of other account

[slackware-security] httpd (SSA:2014-204-01)

BugTraq Latest Security Advisories - July 24, 2014 - 10:27am

Posted by Slackware Security Team on Jul 24

[slackware-security] httpd (SSA:2014-204-01)

New httpd packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1,
and -current to fix security issues.

Here are the details from the Slackware 14.1 ChangeLog:
+--------------------------+
patches/packages/httpd-2.4.10-i486-1_slack14.1.txz: Upgraded.
This update fixes the following security issues:
*) SECURITY: CVE-2014-0117 (cve.mitre.org)
mod_proxy: Fix crash in Connection...

[security bulletin] HPSBMU03076 rev.1 - HP Systems Insight Manager (SIM) on Linux and Windows running OpenSSL, Multiple Vulnerabilities

BugTraq Latest Security Advisories - July 24, 2014 - 10:16am

Posted by security-alert on Jul 24

Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04379485

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04379485
Version: 1

HPSBMU03076 rev.1 - HP Systems Insight Manager (SIM) on Linux and Windows
running OpenSSL, Multiple Vulnerabilities

NOTICE: The information in this Security Bulletin should be acted upon as
soon as possible....

[SECURITY] [DSA 2987-1] openjdk-7 security update

BugTraq Latest Security Advisories - July 24, 2014 - 10:07am

Posted by Moritz Muehlenhoff on Jul 24

-------------------------------------------------------------------------
Debian Security Advisory DSA-2987-1 security () debian org
http://www.debian.org/security/ Moritz Muehlenhoff
July 23, 2014 http://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : openjdk-7
CVE ID : CVE-2014-2483 CVE-2014-2490...

[SECURITY] [DSA 2986-1] iceweasel security update

BugTraq Latest Security Advisories - July 24, 2014 - 9:57am

Posted by Moritz Muehlenhoff on Jul 24

-------------------------------------------------------------------------
Debian Security Advisory DSA-2986-1 security () debian org
http://www.debian.org/security/ Moritz Muehlenhoff
July 23, 2014 http://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : iceweasel
CVE ID : CVE-2014-1544 CVE-2014-1547...

Beginner's error: import function of Windows Mail executes rogue program C:\Program.exe with credentials of other account

BugTraq Latest Security Advisories - July 24, 2014 - 9:48am

Posted by Stefan Kanthak on Jul 24

Hi @ll,

the import function of Windows Mail executes a rogue program C:\Program.exe
with the credentials of another account, resulting in a privilege escalation!

1. Fetch <http://home.arcor.de/skanthak/download/SENTINEL.EXE> and save it as
C:\Program.exe

2. Start Windows Mail (part of Windows Vista and Windows Server 2008)

3. On the File menu, click Identities

4. On the entry page of the wizard click [ Continue > ]

5. Select...

[security bulletin] HPSBMU03074 rev.1 - HP Insight Control server migration on Linux and Windows running OpenSSL, Remote Denial of Service (DoS), Code Execution, Unauthorized Access, Disclosure of Information

BugTraq Latest Security Advisories - July 24, 2014 - 9:39am

Posted by security-alert on Jul 24

Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04378799

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04378799
Version: 1

HPSBMU03074 rev.1 - HP Insight Control server migration on Linux and Windows
running OpenSSL, Remote Denial of Service (DoS), Code Execution, Unauthorized
Access, Disclosure of Information

NOTICE: The...

Bugtraq: [security bulletin] HPSBMU03073 rev.1 - HP Network Virtualization, Remote Execution of Code, Disclosure of Information

[security bulletin] HPSBMU03073 rev.1 - HP Network Virtualization, Remote Execution of Code, Disclosure of Information

Bugtraq: SQL Injection in Ð?2

SQL Injection in Ð?2

Bugtraq: [oCERT-2014-005] LPAR2RRD input sanitization errors

[oCERT-2014-005] LPAR2RRD input sanitization errors

Bugtraq: Multiple Vulnerabilities in Parallels® Plesk Sitebuilder

Multiple Vulnerabilities in Parallels® Plesk Sitebuilder

next-20140724: linux-next

Linux Kernel Updates - July 24, 2014 - 4:42am
Version: next-20140724 (linux-next) Released: 2014-07-24

Vuln: Samba 'nmbd' NetBIOS Name Services Daemon Denial of Service Vulnerability

Security Focus Latest Security Advisories - July 23, 2014 - 11:00pm
Samba 'nmbd' NetBIOS Name Services Daemon Denial of Service Vulnerability

Vuln: libvirt XML Entity Expansion CVE-2014-0179 Information Disclosure Vulnerability

Security Focus Latest Security Advisories - July 23, 2014 - 11:00pm
libvirt XML Entity Expansion CVE-2014-0179 Information Disclosure Vulnerability

Vuln: JSON-C 'printbuf' API CVE-2013-6370 Denial of Service Vulnerability

Security Focus Latest Security Advisories - July 23, 2014 - 11:00pm
JSON-C 'printbuf' API CVE-2013-6370 Denial of Service Vulnerability

Vuln: JSON-C Weak Hash Function CVE-2013-6371 Denial of Service Vulnerability

Security Focus Latest Security Advisories - July 23, 2014 - 11:00pm
JSON-C Weak Hash Function CVE-2013-6371 Denial of Service Vulnerability