Feed aggregator

next-20160523: linux-next

Linux Kernel Updates - May 23, 2016 - 5:42am
Version: next-20160523 (linux-next) Released: 2016-05-23

Bugtraq: [SECURITY] [DSA 3584-1] librsvg security update

[SECURITY] [DSA 3584-1] librsvg security update

Bugtraq: [SEARCH-LAB advisory] LG NAS N1A1 multiple vulnerabilities in Familycast

[SEARCH-LAB advisory] LG NAS N1A1 multiple vulnerabilities in Familycast

Bugtraq: [ERPSCAN-16-011] SAP NetWeaver AS JAVA – SQL injection vulnerability

[ERPSCAN-16-011] SAP NetWeaver AS JAVA – SQL injection vulnerability

[SECURITY] [DSA 3585-1] wireshark security update

BugTraq Latest Security Advisories - May 23, 2016 - 2:53am

Posted by Moritz Muehlenhoff on May 23

-------------------------------------------------------------------------
Debian Security Advisory DSA-3585-1 security () debian org
https://www.debian.org/security/ Moritz Muehlenhoff
May 22, 2016 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : wireshark
CVE ID : CVE-2016-4006 CVE-2016-4079...

[RCESEC-2016-001] Postfix Admin v2.93 Generic POST Cross-Site Request Forgeries

BugTraq Latest Security Advisories - May 23, 2016 - 2:45am

Posted by Julien Ahrens on May 23

RCE Security Advisory
https://www.rcesecurity.com

1. ADVISORY INFORMATION
=======================
Product: Postfix Admin
Vendor URL: sourceforge.net/projects/postfixadmin/
Type: Cross-Site Request Forgery [CWE-253]
Date found: 2016-04-23
Date published: 2016-05-21
CVSSv3 Score: 4.6 (AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N)
CVE: -

2. CREDITS
==========
This vulnerability was discovered and researched by Julien...

[slackware-security] curl (SSA:2016-141-01)

BugTraq Latest Security Advisories - May 23, 2016 - 2:35am

Posted by Slackware Security Team on May 23

[slackware-security] curl (SSA:2016-141-01)

New curl packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1,
and -current to fix a security issue.

Here are the details from the Slackware 14.1 ChangeLog:
+--------------------------+
patches/packages/curl-7.49.0-i486-1_slack14.1.txz: Upgraded.
Fixed a TLS certificate check bypass with mbedTLS/PolarSSL.
For more information, see:
https://curl.haxx.se/docs/adv_20160518.html...

3.18.34: longterm

Linux Kernel Updates - May 20, 2016 - 8:48pm
Version: 3.18.34 (longterm) Released: 2016-05-21 Source: linux-3.18.34.tar.xz PGP Signature: linux-3.18.34.tar.sign Patch: patch-3.18.34.xz (Incremental) ChangeLog: ChangeLog-3.18.34

4.1.25: longterm

Linux Kernel Updates - May 20, 2016 - 8:46pm
Version: 4.1.25 (longterm) Released: 2016-05-21 Source: linux-4.1.25.tar.xz PGP Signature: linux-4.1.25.tar.sign Patch: patch-4.1.25.xz (Incremental) ChangeLog: ChangeLog-4.1.25

next-20160520: linux-next

Linux Kernel Updates - May 19, 2016 - 11:41pm
Version: next-20160520 (linux-next) Released: 2016-05-20

[security bulletin] HPSBGN03564 rev.1 - HPE Release Control using Java Deserialization, Remote Code Execution

BugTraq Latest Security Advisories - May 19, 2016 - 2:42pm

Posted by security-alert on May 19

Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05063986

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c05063986
Version: 1

HPSBGN03564 rev.1 - HPE Release Control using Java Deserialization, Remote
Code Execution

NOTICE: The information in this Security Bulletin should be acted upon as
soon as possible.

Release Date: 2016-03-29...

[SECURITY] [DSA 3584-1] librsvg security update

BugTraq Latest Security Advisories - May 19, 2016 - 2:25pm

Posted by Salvatore Bonaccorso on May 19

-------------------------------------------------------------------------
Debian Security Advisory DSA-3584-1 security () debian org
https://www.debian.org/security/ Salvatore Bonaccorso
May 19, 2016 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : librsvg
CVE ID : CVE-2015-7558 CVE-2016-4347...

Bugtraq: [ERPSCAN-16-010] SAP NetWeaver AS JAVA – information disclosure vulnerability

[ERPSCAN-16-010] SAP NetWeaver AS JAVA – information disclosure vulnerability

Bugtraq: TYPO3 RemoveXSS.php vulnerability versions 6.2.19 and 7.6.4

TYPO3 RemoveXSS.php vulnerability versions 6.2.19 and 7.6.4

[SEARCH-LAB advisory] LG NAS N1A1 multiple vulnerabilities in Familycast

BugTraq Latest Security Advisories - May 19, 2016 - 6:37am

Posted by Gergely Eberhardt on May 19

Access: unauthenticated remote access

Platforms / Firmware confirmed affected:
- LG NAS N1A1 Version 10119, 10/04/2012
- Product page: http://www.lg.com/us/support-product/lg-N1A1DD1

What is Familycast?
-------------------
Familycast is a service running on top of the NAS. According to LG,
Familycast is an: "LG SMART TV exclusive application which allows the
user to easily access and share photos, music, videos and other data
saved on the net...

[ERPSCAN-16-011] SAP NetWeaver AS JAVA – SQL injection vulnerability

BugTraq Latest Security Advisories - May 19, 2016 - 6:28am

Posted by ERPScan inc on May 19

Application: SAP NetWeaver AS JAVA

Versions Affected: SAP NetWeaver AS JAVA 7.1 - 7.5

Vendor URL: http://SAP.com

Bugs: SQL injection

Sent: 04.12.2015

Reported: 04.12.2015

Vendor response: 05.12.2015

Date of Public Advisory: 09.02.2016

Reference: SAP Security Note 2101079

Author: Vahagn Vardanyan (ERPScan)

Description

1. ADVISORY INFORMATION

Title: SAP NetWeaver AS JAVA – SQL injection vulnerability

Advisory...

[ERPSCAN-16-010] SAP NetWeaver AS JAVA – information disclosure vulnerability

BugTraq Latest Security Advisories - May 19, 2016 - 6:16am

Posted by ERPScan inc on May 19

Application: SAP NetWeaver AS JAVA

Versions Affected: SAP NetWeaver AS JAVA 7.1 - 7.5

Vendor URL: http://SAP.com

Bugs: information disclosure

Sent: 15.09.2015

Reported: 15.09.2015

Vendor response: 16.09.2015

Date of Public Advisory: 09.02.2016

Reference: SAP Security Note 2256846

Author: Vahagn Vardanyan (ERPScan)

Description

1. ADVISORY INFORMATION

Title: SAP NetWeaver AS JAVA – information disclosure vulnerability

Advisory...

TYPO3 RemoveXSS.php vulnerability versions 6.2.19 and 7.6.4

BugTraq Latest Security Advisories - May 19, 2016 - 6:05am

Posted by mandy on May 19

Madison Gurkha Security Advisory

Advisory: TYPO3 circumvent RemoveXSS.php cross site scripting using BASE64 encoding

1. DETAILS
----------
Product: Typo3 CMS
Vendor URL: typo3.org
Type: Cross-site Scripting [CWE-79]
Date found: 2016-03-09
Date published: 2016-05-19

2. AFFECTED VERSIONS
--------------------
Typo3 6.2.19 and below
Typo3 7.6.4 and below
and other older versions may be affected too.
Until the removal of the RemoveXSS.php function,...

next-20160519: linux-next

Linux Kernel Updates - May 19, 2016 - 1:42am
Version: next-20160519 (linux-next) Released: 2016-05-19