Feed aggregator

next-20150415: linux-next

Linux Kernel Updates - April 15, 2015 - 2:33am
Version: next-20150415 (linux-next)
Released: 2015-04-15

several issues in SQLite (+ catching up on several other bugs)

BugTraq Latest Security Advisories - April 14, 2015 - 8:19pm

Posted by Michal Zalewski on Apr 15

SQLite is probably the most popular embedded database in use today; it
is also known for being very well-tested and robust.

Because of its versatility, SQLite sometimes finds use as the
mechanism behind SQL-style query APIs that are exposed between
privileged execution contexts and less-trusted code. One example of
this is the WebDB / WebSQL mechanism available in some browsers; in
this setting, vulnerabilities in the SQLite parser can open up...

whitepaper: Identifier based XSSI attacks

BugTraq Latest Security Advisories - April 14, 2015 - 8:10pm

Posted by Takeshi Terada on Apr 15

Hello list members,

We released a new technical whitepaper titled:
"Identifier based XSSI attacks"

CVE numbers:
CVE-2014-6345, CVE-2014-7939

URL:
http://www.mbsd.jp/Whitepaper/xssi.pdf

Introduction:
-------------------------------
Cross Site Script Inclusion (XSSI) is an attack technique (or a
vulnerability) that enables attackers to steal data of certain types
across origin boundaries, by including target data using SCRIPT tag in...

[SYSS-2015-015] Panda Gold Protection 2015 - Authentication Bypass

BugTraq Latest Security Advisories - April 14, 2015 - 8:02pm

Posted by matthias . deeg on Apr 15

Advisory ID: SYSS-2015-015
Product: Panda Gold Protection 2015
Vendor: Panda Security
Affected Version(s): 15.1.0
Tested Version(s): 15.1.0
Vulnerability Type: Authentication Bypass Using an Alternate Path or
Channel (CWE-288)
Risk Level: Medium
Solution Status: Not fixed
Vendor Notification: 2015-02-27
Solution Date: -
Public Disclosure: 2015-04-14
CVE Reference: Not yet assigned
Author of Advisory: Matthias Deeg (SySS GmbH)...

[SYSS-2015-014] Panda Global Protection 2015 - Authentication Bypass

BugTraq Latest Security Advisories - April 14, 2015 - 7:54pm

Posted by matthias . deeg on Apr 15

Advisory ID: SYSS-2015-014
Product: Panda Global Protection 2015
Vendor: Panda Security
Affected Version(s): 15.1.0
Tested Version(s): 15.1.0
Vulnerability Type: Authentication Bypass Using an Alternate Path or
Channel (CWE-288)
Risk Level: Medium
Solution Status: Not fixed
Vendor Notification: 2015-02-27
Solution Date: -
Public Disclosure: 2015-04-14
CVE Reference: Not yet assigned
Author of Advisory: Matthias Deeg (SySS...

[SYSS-2015-013] Panda Antivirus Pro 2015 - Authentication Bypass

BugTraq Latest Security Advisories - April 14, 2015 - 7:47pm

Posted by matthias . deeg on Apr 15

Advisory ID: SYSS-2015-013
Product: Panda Antivirus Pro 2015
Vendor: Panda Security
Affected Version(s): 15.1.0
Tested Version(s): 15.1.0
Vulnerability Type: Authentication Bypass Using an Alternate Path or
Channel (CWE-288)
Risk Level: Medium
Solution Status: Not fixed
Vendor Notification: 2015-02-27
Solution Date: -
Public Disclosure: 2015-04-14
CVE Reference: Not yet assigned
Author of Advisory: Matthias Deeg (SySS GmbH)...

[SYSS-2015-012] Panda Internet Security 2015 - Authentication Bypass

BugTraq Latest Security Advisories - April 14, 2015 - 7:40pm

Posted by matthias . deeg on Apr 15

Advisory ID: SYSS-2015-012
Product: Panda Internet Security 2015
Vendor: Panda Security
Affected Version(s): 15.0.1
Tested Version(s): 15.0.1
Vulnerability Type: Authentication Bypass Using an Alternate Path or
Channel (CWE-288)
Risk Level: Medium
Solution Status: Not fixed
Vendor Notification: 2015-02-27
Solution Date: -
Public Disclosure: 2015-04-14
CVE Reference: Not yet assigned
Author of Advisory: Matthias Deeg (SySS...

Security Advisory - Apache HTTP Server 2.2.29 / 2.4.12 NULL Pointer dereference in protocol.c

BugTraq Latest Security Advisories - April 14, 2015 - 7:33pm

Posted by lem . nikolas on Apr 15

-=[Advanced Information Security Corporation]=-

Advisory for Apache Http Server 2.2.29 / 2.4.12 NULL Pointer Dereference

Author: Nicholas Lemonias
Advisory Date: 14/4/2015
Email: lem.nikolas (at) gmail (dot) com

Introduction
==========
During a source-code audit of the Apache HTTPD 2.2.29 / 2.4.12 release
implementation for Linux, conducted internally by the Advanced
Information Security Group, instances of insecure function use were...

Security Advisory - Apache HTTP Server 2.2.29 / 2.4.12 NULL Pointer dereference in protocol.c

BugTraq Latest Security Advisories - April 14, 2015 - 7:24pm

Posted by Nicholas Lemonias. on Apr 15

-=[Advanced Information Security Corporation]=-

Advisory for Apache Http Server 2.2.29 / 2.4.12 NULL Pointer Dereference

Author: Nicholas Lemonias
Advisory Date: 14/4/2015
Email: lem.nikolas (at) gmail (dot) com

Introduction
==========
During a source-code audit of the Apache HTTPD 2.2.29 / 2.4.12 release
implementation for Linux, conducted internally by the Advanced
Information Security Group, instances of insecure function use were...

[CVE-2015-2810] Integer Overflow leading to heap corruption when assigning a long paragraph size value to a HanWord document

BugTraq Latest Security Advisories - April 14, 2015 - 7:16pm

Posted by Daniel Regalado on Apr 15

Product: Hancom Office Hwp 2014
Vendor: Hancom - www.hancom.com
Versions Affected (32 bits only):

HanWord Viewer 2007 (Korean)
HanWord Viewer 2010 - 8.5.6.1158 (English)
HwpViewer 2014 VP - 9.1.0.2186 (English)
Hwp 2014 VP - 9.0.0.1405 (English/Korean)
Version Not vulnerable:
Hwp 2014 VP - 9.1.0.2342 (English/Korean)
Credits:
Daniel Regalado, FireEye
Dan Caselden, FireEye

MITRE CVE: 2015-2810

Timeline:...

Bugtraq: [security bulletin] HPSBOV03318 rev.1 - HP SSL for OpenVMS, Remote Denial of Service (DoS) and other Vulnerabilities

Security Focus Latest Security Advisories - April 14, 2015 - 7:15pm

Bugtraq: [security bulletin] HPSBHF03310 rev.2 - HP Thin Clients running Windows Embedded Standard 7 (WES7) or Windows Embedded Standard 2009 (WES09) with HP Easy Deploy, Remote Elevation of Privilege, Execution of Code

Security Focus Latest Security Advisories - April 14, 2015 - 7:15pm

Bugtraq: Apache HTTPD 2.4.12, 2.2.29 Security Audit - Advanced Information Security Corp

Security Focus Latest Security Advisories - April 14, 2015 - 7:15pm

Bugtraq: Apache HTTPD 2.4.12/ 2.2.29 Security Audit Notes - Advanced Information Security Corp

Security Focus Latest Security Advisories - April 14, 2015 - 7:15pm

3.4.107: longterm

Linux Kernel Updates - April 14, 2015 - 4:34am
Version: 3.4.107 (longterm)
Released: 2015-04-14
Source: linux-3.4.107.tar.xz
PGP Signature: linux-3.4.107.tar.sign
Patch: patch-3.4.107.xz (Incremental)
ChangeLog: ChangeLog-3.4.107

next-20150414: linux-next

Linux Kernel Updates - April 14, 2015 - 3:38am
Version: next-20150414 (linux-next)
Released: 2015-04-14