Feed aggregator

[SECURITY] [DSA 3056-1] libtasn1-3 security update

BugTraq Latest Security Advisories - October 27, 2014 - 9:39am

Posted by Sebastien Delafond on Oct 27

-------------------------------------------------------------------------
Debian Security Advisory DSA-3056-1 security () debian org
http://www.debian.org/security/ Sebastien Delafond
October 26, 2014 http://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : libtasn1-3
CVE ID : CVE-2014-3467 CVE-2014-3468...
Categories:

Call for Papers - WorldCIST'15 - Azores, 1 - 3 April 2015

BugTraq Latest Security Advisories - October 27, 2014 - 9:30am

Posted by ML on Oct 27

------
WorldCIST'15 - 3rd World Conference on Information Systems and Technologies
Ponta Delgada, Azores *, Portugal
1 - 3 April 2015
http://www.aisti.eu/worldcist15/
------
* Azores is ranked as the second most beautiful archipelago in the world by National Geographic.
------------

SCOPE

The WorldCIST'15 - 3rd World Conference on Information Systems and Technologies, to be held at Ponta Delgada, São
Miguel, Azores, Portugal, 1 - 3...
Categories:

[CVE-2014-8347] Filemaker Login Bypass and Privilege Escalation

BugTraq Latest Security Advisories - October 27, 2014 - 9:22am

Posted by g-damore on Oct 27

Filemaker Login Bypass and Privilege Escalation
=======================================================================

[ADVISORY INFORMATION]

Title: Filemaker Login Bypass and Privilege Escalation
Discovery date: 19/10/2014
Release date: 19/10/2014
Vendor Homepage: www.filemaker.com
Version: Filemaker Pro 13.0v3 - FileMaker Pro Advanced 12.0v4
Credits: Giuseppe...
Categories:

NEW VMSA-2014-0011 VMware vSphere Data Protection product update addresses a critical information disclosure vulnerability

BugTraq Latest Security Advisories - October 27, 2014 - 9:13am

Posted by VMware Security Response Center on Oct 27

------------------------------------------------------------------------
VMware Security Advisory

Advisory ID: VMSA-2014-0011
Synopsis: VMware vSphere Data Protection product update addresses a
critical information disclosure vulnerability.
Issue date: 2014-10-22
Updated on: 2014-10-22 (Initial Advisory)
CVE number: CVE-2014-4624

------------------------------------------------------------------------

1....
Categories:

iTunes 12.0.1 for Windows: still COMPLETELY outdated and VULNERABLE 3rd party libraries

BugTraq Latest Security Advisories - October 27, 2014 - 9:04am

Posted by Stefan Kanthak on Oct 27

Hi @ll,

the just released iTunes 12.0.1 for Windows still (cf.
<http://seclists.org/fulldisclosure/2014/Jul/30>) comes
with COMPLETELY outdated and VULNERAEBLE 3rd party libraries
(as part of AppleMobileDeviceSupport.msi):

* libeay32.dll and ssleay32.dll 0.9.8d

are more than SEVEN years old and have at least 27 unfixed CVEs!

* libcurl.dll 7.16.2

is more than SEVEN years old and has at least 18 unfixed CVEs!
the current version...
Categories:

Bugtraq: [ MDVSA-2014:209 ] java-1.7.0-openjdk

Security Focus Latest Security Advisories - October 27, 2014 - 9:00am
[ MDVSA-2014:209 ] java-1.7.0-openjdk
Categories:

Bugtraq: [ MDVSA-2014:208 ] phpmyadmin

Security Focus Latest Security Advisories - October 27, 2014 - 9:00am
[ MDVSA-2014:208 ] phpmyadmin
Categories:

Bugtraq: [ MDVSA-2014:207 ] ejabberd

Security Focus Latest Security Advisories - October 27, 2014 - 9:00am
[ MDVSA-2014:207 ] ejabberd
Categories:

Bugtraq: [ MDVSA-2014:206 ] ctags

Security Focus Latest Security Advisories - October 27, 2014 - 9:00am
[ MDVSA-2014:206 ] ctags
Categories:

Still beginner's errors (and outdated 3rd party components) in QuickTime 7.7.6 and iTunes 12.0.1

BugTraq Latest Security Advisories - October 27, 2014 - 8:55am

Posted by Stefan Kanthak on Oct 27

Hi @ll,

the just released QuickTime 7.7.6 and iTunes 12.0.1 for Windows still
have quite some of the beginners errors I documented in
<http://seclists.org/fulldisclosure/2014/Aug/33> and
<http://seclists.org/fulldisclosure/2014/Aug/44>

QuickTime 7.7.6:

[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\Media\QuickTime\shell\open\command]
@="C:\\Program Files\\QuickTime\\QuickTimePlayer.exe"

iTunes 12.0.1:...
Categories:

next-20141027: linux-next

Linux Kernel Updates - October 27, 2014 - 12:08am
Version:next-20141027 (linux-next) Released:2014-10-27

Vuln: MIT Kerberos 5 'setup_server_realm()' Function CVE-2013-1418 Remote Denial of Service Vulnerability

Security Focus Latest Security Advisories - October 26, 2014 - 11:00pm
MIT Kerberos 5 'setup_server_realm()' Function CVE-2013-1418 Remote Denial of Service Vulnerability
Categories:

Vuln: MIT Kerberos 5 CVE-2013-6800 Remote Denial of Service Vulnerability

Security Focus Latest Security Advisories - October 26, 2014 - 11:00pm
MIT Kerberos 5 CVE-2013-6800 Remote Denial of Service Vulnerability
Categories:

Vuln: MIT Kerberos 5 CVE-2014-4341 Remote Denial of Service Vulnerability

Security Focus Latest Security Advisories - October 26, 2014 - 11:00pm
MIT Kerberos 5 CVE-2014-4341 Remote Denial of Service Vulnerability
Categories:

Vuln: binutils Remote Denial of Service Vulnerability

Security Focus Latest Security Advisories - October 26, 2014 - 11:00pm
binutils Remote Denial of Service Vulnerability
Categories:

Vuln: CKEditor Preview Plugin CVE-2014-5191 Unspecified Cross Site Scripting Vulnerability

Security Focus Latest Security Advisories - October 26, 2014 - 11:00pm
CKEditor Preview Plugin CVE-2014-5191 Unspecified Cross Site Scripting Vulnerability
Categories:

Vuln: Oberhumer LZO CVE-2014-4607 Multiple Memory Corruption Vulnerabilities

Security Focus Latest Security Advisories - October 26, 2014 - 11:00pm
Oberhumer LZO CVE-2014-4607 Multiple Memory Corruption Vulnerabilities
Categories:

Vuln: PHP FPM 'php-fpm.conf.in' Local Privilege Escalation Vulnerability

Security Focus Latest Security Advisories - October 26, 2014 - 11:00pm
PHP FPM 'php-fpm.conf.in' Local Privilege Escalation Vulnerability
Categories:

Vuln: GNU Libtasn1 CVE-2014-3468 Remote Code Execution Vulnerability

Security Focus Latest Security Advisories - October 26, 2014 - 11:00pm
GNU Libtasn1 CVE-2014-3468 Remote Code Execution Vulnerability
Categories:

Vuln: GNU Libtasn1 CVE-2014-3467 Multiple Denial of Service Vulnerabilities

Security Focus Latest Security Advisories - October 26, 2014 - 11:00pm
GNU Libtasn1 CVE-2014-3467 Multiple Denial of Service Vulnerabilities
Categories: