Feed aggregator

next-20140823: linux-next

Linux Kernel Updates - August 22, 2014 - 4:57pm
Version: next-20140823 (linux-next) Released: 2014-08-22

DoS attacks (ICMPv6-based) resulting from IPv6 EH drops

BugTraq Latest Security Advisories - August 22, 2014 - 6:09am

Posted by Fernando Gont on Aug 22

Folks,

Ten days ago or so we published this I-D:
<http://www.ietf.org/internet-drafts/draft-gont-v6ops-ipv6-ehs-in-real-world-00.txt>

Section 5.2 of the I-D discusses a possible attack vector based on a
combination of "forged" ICMPv6 PTB messages and IPv6 frag drops by
operators, along with proposed countermeasures -- but let me offer a
more informal and practical explanation:

1) It is known that filtering of packets containing...

[security bulletin] HPSBST03098 rev.1 - HP StoreEver MSL6480 Tape Library running OpenSSL, Remote Unauthorized Access or Disclosure of Information

BugTraq Latest Security Advisories - August 22, 2014 - 5:59am

Posted by security-alert on Aug 22

Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04406535

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04406535
Version: 1

HPSBST03098 rev.1 - HP StoreEver MSL6480 Tape Library running OpenSSL, Remote Unauthorized Access or Disclosure of Information

NOTICE: The information in this Security Bulletin should be acted upon as
soon as...

[SECURITY] [DSA 3009-1] python-imaging security update

BugTraq Latest Security Advisories - August 22, 2014 - 5:51am

Posted by Moritz Muehlenhoff on Aug 22

-------------------------------------------------------------------------
Debian Security Advisory DSA-3009-1 security () debian org
http://www.debian.org/security/ Moritz Muehlenhoff
August 21, 2014 http://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : python-imaging
CVE ID : CVE-2014-3589

Andrew Drake...

CVE-2014-3524: Apache OpenOffice Calc Command Injection Vulnerability

BugTraq Latest Security Advisories - August 22, 2014 - 5:40am

Posted by Herbert Duerr on Aug 22

CVE-2014-3524
OpenOffice Calc Command Injection Vulnerability

Severity: Important
Vendor: The Apache Software Foundation

Versions Affected:
Apache OpenOffice 4.1.0 and older on Windows.
OpenOffice.org versions may also be affected.

Description:
The vulnerability allows command injection when loading Calc spreadsheets. Specially crafted documents can be used for command-injection attacks. Further exploits are possible...

CVE-2014-3575: OpenOffice Targeted Data Exposure Using Crafted OLE Objects

BugTraq Latest Security Advisories - August 22, 2014 - 5:32am

Posted by Herbert Duerr on Aug 22

CVE-2014-3575
OpenOffice Targeted Data Exposure Using Crafted OLE Objects

Severity: Important
Vendor: The Apache Software Foundation

Versions Affected:
Apache OpenOffice 4.1.0 and older on Windows.
OpenOffice.org versions are also affected.

Description:
The exposure exploits the way OLE previews are generated to embed arbitrary file data into a specially crafted document when it is opened. Data exposure is possible if...

[CVE-2014-5335] CSRF in Innovaphone PBX

BugTraq Latest Security Advisories - August 22, 2014 - 5:24am

Posted by rg on Aug 22

Title: Innovaphone PBX Admin-GUI CSRF
Impact: High
CVSS2 Score: 7.8 (AV:N/AC:M/Au:S/C:P/I:C/A:C/E:F/RL:U/RC:C)
Announced: August 21, 2014
Reporter: Rainer Giedat (NSIDE ATTACK LOGIC GmbH, www.nsideattacklogic.de)
Products: Innovaphone PBX Administration GUI
Affected Versions: all known versions (tested 10.00 sr11)
CVE-id: CVE-2014-5335

Summary
=======

The innovaphone PBX is a powerful and sophisticated VoIP telephone system for use in...

[SECURITY] [DSA 3008-2] php5 regression update

BugTraq Latest Security Advisories - August 22, 2014 - 5:16am

Posted by Salvatore Bonaccorso on Aug 22

-------------------------------------------------------------------------
Debian Security Advisory DSA-3008-2 security () debian org
http://www.debian.org/security/ Salvatore Bonaccorso
August 21, 2014 http://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : php5
CVE ID : CVE-2014-3538 CVE-2014-3587...

Bugtraq: [SECURITY] [DSA 2940-1] libstruts1.2-java security update

Security Focus Latest Security Advisories - August 22, 2014 - 5:00am

Bugtraq: [SECURITY] [DSA 3008-1] php5 security update

Security Focus Latest Security Advisories - August 22, 2014 - 5:00am

Bugtraq: ToorCon 16 Call For Papers!

Security Focus Latest Security Advisories - August 22, 2014 - 5:00am

Bugtraq: ArcGIS for Server Vulnerability Disclosure

Security Focus Latest Security Advisories - August 22, 2014 - 5:00am

Vuln: Oracle Java SE CVE-2014-0460 Remote Security Vulnerability

Security Focus Latest Security Advisories - August 21, 2014 - 11:00pm

Vuln: TimThumb 'timthumb.php' CVE-2010-5303 Cross Site Scripting Vulnerability

Security Focus Latest Security Advisories - August 21, 2014 - 11:00pm

Vuln: TimThumb 'timthumb.php' CVE-2010-5302 Cross Site Scripting Vulnerability

Security Focus Latest Security Advisories - August 21, 2014 - 11:00pm

Vuln: V8 JavaScript Engine Denial of Service Vulnerability

Security Focus Latest Security Advisories - August 21, 2014 - 11:00pm

Vuln: Google Android CVE-2013-6272 Remote Security Bypass Vulnerability

Security Focus Latest Security Advisories - August 21, 2014 - 11:00pm

Vuln: Oracle Java SE CVE-2014-4209 Remote Security Vulnerability

Security Focus Latest Security Advisories - August 21, 2014 - 11:00pm

Vuln: AlienVault OSSIM and Unified Security Management 'newpolicyform.php' SQL Injection Vulnerability

Security Focus Latest Security Advisories - August 21, 2014 - 11:00pm

Vuln: Apache Struts ClassLoader Manipulation CVE-2014-0114 Security Bypass Vulnerability

Security Focus Latest Security Advisories - August 21, 2014 - 11:00pm