Feed aggregator

[slackware-security] proftpd (SSA:2017-112-03)

BugTraq Latest Security Advisories - April 25, 2017 - 4:07am

Posted by Slackware Security Team on Apr 25

[slackware-security] proftpd (SSA:2017-112-03)

New proftpd packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1,
14.2, and -current to fix security issues.

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages/proftpd-1.3.5e-i586-1_slack14.2.txz: Upgraded.
This release fixes a security issue:
AllowChrootSymlinks off does not check entire DefaultRoot path for symlinks.
For...

Bugtraq: Authentication bypass vulnerability in Western Digital My Cloud allows escalation to admin privileges

Security Focus Latest Security Advisories - April 25, 2017 - 3:00am

Bugtraq: CVE-2017-5887: Starscream library before 2.0.4 SSL pinning not applied for websocket handshake

Security Focus Latest Security Advisories - April 25, 2017 - 3:00am

Bugtraq: CVE-2017-7192: Starscream library before 2.0.4 allows SSL pinning bypass

Security Focus Latest Security Advisories - April 25, 2017 - 3:00am

Bugtraq: [SECURITY] [DSA 3831-1] firefox-esr security update

Security Focus Latest Security Advisories - April 25, 2017 - 3:00am

Authentication bypass vulnerability in Western Digital My Cloud allows escalation to admin privileges

BugTraq Latest Security Advisories - April 25, 2017 - 2:21am

Posted by Securify B.V. on Apr 25

------------------------------------------------------------------------
Authentication bypass vulnerability in Western Digital My Cloud allows
escalation to admin privileges
------------------------------------------------------------------------
Remco Vermeulen, April 2017

------------------------------------------------------------------------
Abstract
------------------------------------------------------------------------
It was discovered...

CVE-2017-5887: Starscream library before 2.0.4 SSL pinning not applied for websocket handshake

BugTraq Latest Security Advisories - April 25, 2017 - 2:13am

Posted by Security Advisories on Apr 25

Product: Starscream websocket library
Severity: LOW
CVE Reference: CVE-2017-5887
Type: SSL Pinning bypass

Abstract
--------

WebSocket.swift in Starscream before 2.0.4 allows an SSL Pinning
bypass because pinning occurs in the stream function (this is too
late; pinning should occur in the initStreamsWithData function).

Description
-----------

The open-source Starscream library provides a Swift implementation of
the websocket framework. It...

Bugtraq: [HITB-Announce] HITB GSEC 2017 CFP Closes April 30th

Security Focus Latest Security Advisories - April 25, 2017 - 1:00am

Bugtraq: October CMS v1.0.412 several vulnerabilities

Security Focus Latest Security Advisories - April 25, 2017 - 1:00am

Vuln: Portrait Displays SDK CVE-2017-3210 Local Privilege Escalation Vulnerability

Security Focus Latest Security Advisories - April 24, 2017 - 11:00pm

Vuln: IBM Cúram Social Program Management CVE-2016-9980 Unspecified Cross Site Scripting Vulnerability

Security Focus Latest Security Advisories - April 24, 2017 - 11:00pm

Vuln: Oracle MySQL Server CVE-2017-3458 Remote Security Vulnerability

Security Focus Latest Security Advisories - April 24, 2017 - 11:00pm

Vuln: Oracle Hospitality OPERA 5 Property Services CVE-2017-3568 Local Security Vulnerability

Security Focus Latest Security Advisories - April 24, 2017 - 11:00pm

Vuln: Oracle MySQL Connectors CVE-2017-3589 Local Security Vulnerability

Security Focus Latest Security Advisories - April 24, 2017 - 11:00pm

Vuln: Oracle MySQL Workbench CVE-2017-3469 Remote Security Vulnerability

Security Focus Latest Security Advisories - April 24, 2017 - 11:00pm

Vuln: Google Nexus Qualcomm Crypto Engine Driver CVE-2016-10230 Remote Code Execution Vulnerability

Security Focus Latest Security Advisories - April 24, 2017 - 11:00pm

Vuln: IBM Security Guardium CVE-2017-1122 Local Command Injection Vulnerability

Security Focus Latest Security Advisories - April 24, 2017 - 11:00pm

Vuln: Linux Kernel CVE-2017-8066 Local Denial of Service Vulnerability

Security Focus Latest Security Advisories - April 24, 2017 - 11:00pm

Vuln: Linux Kernel 'drivers/char/virtio_console.c' Local Denial of Service Vulnerability

Security Focus Latest Security Advisories - April 24, 2017 - 11:00pm

Vuln: Oracle MySQL Server CVE-2017-3453 Remote Security Vulnerability

Security Focus Latest Security Advisories - April 24, 2017 - 11:00pm