Feed aggregator

CA20160721-01: Security Notice for CA eHealth

BugTraq Latest Security Advisories - July 25, 2016 - 2:44am

Posted by Kotas, Kevin J on Jul 25

Issued: 2016-07-21
Last Updated: 2016-07-21

CA Technologies Support is alerting customers to multiple potential risks
with CA eHealth. Two vulnerabilities exist in the web interface,
CVE-2016-6151 and CVE-2016-6152, that can allow a remote
authenticated attacker to cause a denial of service condition or possibly
execute arbitrary commands. CA Technologies assigned a High risk rating
to these...

[CVE-2016-5000] XML External Entity (XXE) Vulnerability in Apache POI's XLSX2CSV Example

BugTraq Latest Security Advisories - July 25, 2016 - 2:34am

Posted by Tim Allison on Jul 25

Severity: Important

Vendor: The Apache Software Foundation

Versions Affected: POI 3.5-3.13

Description:

Apache POI's XLSX2CSV example uses Java's XML components to parse OpenXML files. Applications and users that use
XLSX2CSV and accept such files from end-users are vulnerable to XML External Entity (XXE) attacks, which allow remote...
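The advisory's point is that a converter parses XML parts it pulls out of an untrusted OOXML zip, so the parser configuration decides whether a DOCTYPE with an external entity is honoured. As an added example (not Apache POI's code and not the fix the project shipped; the page does not describe that), the following Python walks every XML part of a package with the standard-library expat parser configured to abort on any DOCTYPE or entity declaration, which is the check a converter in the position of XLSX2CSV would run before handing parts to a real parser. The minimal xlsx package and its XXE payload are constructed for the example, and the part names are the usual spreadsheetml ones.

```python
"""Pre-parse XXE check for OOXML packages (xlsx/docx/pptx).

Added example, not Apache POI's code: every XML part inside the zip is
walked with Python's stdlib expat parser, configured to fail on any
DOCTYPE or entity declaration, so an external entity is never resolved.
The xlsx package and the XXE payload below are constructed for this demo.
"""
import io
import xml.parsers.expat
import zipfile


class EntityDeclarationError(ValueError):
    """Raised when an XML part carries a DOCTYPE or declares any entity."""


def check_xml_part(data: bytes) -> None:
    """Parse one XML part; raise EntityDeclarationError at the first DOCTYPE/ENTITY.

    expat is told never to process parameter entities, the external entity
    reference handler refuses to fetch anything, and the DOCTYPE and entity
    declaration handlers turn a declaration into a hard failure instead of
    letting it be expanded.
    """
    parser = xml.parsers.expat.ParserCreate()
    parser.SetParamEntityParsing(xml.parsers.expat.XML_PARAM_ENTITY_PARSING_NEVER)

    def on_doctype(name, sysid, pubid, has_internal_subset):
        raise EntityDeclarationError("DOCTYPE %r not allowed" % name)

    def on_entity(name, is_param, value, base, sysid, pubid, notation):
        raise EntityDeclarationError("entity %r not allowed" % name)

    def on_external_ref(context, base, sysid, pubid):
        return 0  # returning 0 makes expat fail rather than fetch sysid

    parser.StartDoctypeDeclHandler = on_doctype
    parser.EntityDeclHandler = on_entity
    parser.ExternalEntityRefHandler = on_external_ref
    parser.Parse(data, True)


def find_unsafe_parts(package: bytes) -> list:
    """Return names of XML members of the zip that fail check_xml_part.

    Malformed XML is reported too: a part that cannot be parsed under the
    strict settings should not reach the real converter either.
    """
    unsafe = []
    with zipfile.ZipFile(io.BytesIO(package)) as zf:
        for name in zf.namelist():
            if not name.endswith((".xml", ".rels")):
                continue
            try:
                check_xml_part(zf.read(name))
            except (EntityDeclarationError, xml.parsers.expat.ExpatError):
                unsafe.append(name)
    return unsafe


# Constructed minimal xlsx: just enough parts to look like a package.
CONTENT_TYPES = (
    b'<?xml version="1.0" encoding="UTF-8"?>'
    b'<Types xmlns="http://schemas.openxmlformats.org/package/2006/content-types">'
    b'<Default Extension="xml" ContentType="application/xml"/></Types>'
)
WORKBOOK = (
    b'<?xml version="1.0" encoding="UTF-8"?>'
    b'<workbook xmlns="http://schemas.openxmlformats.org/spreadsheetml/2006/main">'
    b'<sheets><sheet name="Sheet1" sheetId="1"/></sheets></workbook>'
)
SAFE_SHARED_STRINGS = (
    b'<?xml version="1.0" encoding="UTF-8"?>'
    b'<sst xmlns="http://schemas.openxmlformats.org/spreadsheetml/2006/main">'
    b'<si><t>hello</t></si></sst>'
)
# Constructed XXE payload: an external entity that would read a local file
# if a parser were allowed to expand it.
XXE_SHARED_STRINGS = (
    b'<?xml version="1.0" encoding="UTF-8"?>'
    b'<!DOCTYPE sst [<!ENTITY xxe SYSTEM "file:///etc/passwd">]>'
    b'<sst xmlns="http://schemas.openxmlformats.org/spreadsheetml/2006/main">'
    b'<si><t>&xxe;</t></si></sst>'
)


def build_package(shared_strings: bytes) -> bytes:
    """Assemble the constructed xlsx around the given sharedStrings part."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("[Content_Types].xml", CONTENT_TYPES)
        zf.writestr("xl/workbook.xml", WORKBOOK)
        zf.writestr("xl/sharedStrings.xml", shared_strings)
    return buf.getvalue()


if __name__ == "__main__":
    print("safe package:", find_unsafe_parts(build_package(SAFE_SHARED_STRINGS)))
    print("xxe package: ", find_unsafe_parts(build_package(XXE_SHARED_STRINGS)))
```

The check is deliberately a whitelist of "no DTD at all" rather than an attempt to distinguish harmless internal entities from external ones: OOXML parts never need a DOCTYPE, so rejecting the declaration outright removes both the file-read and the entity-expansion (billion laughs) cases at once, and it works the same whatever XML library the converter itself uses afterwards.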

MySQL zero-day vulnerabilities (July 2016 CPU)

BugTraq Latest Security Advisories - July 25, 2016 - 2:25am

Posted by lem . nikolas on Jul 25

MySQL is the most popular and most widely used database in the world. MySQL customers include NASA, US Navy, Google,
Facebook, Twitter just to cite a few.

In partnership with Oracle Inc. we have worked delicately to enhance the security of the open-source product, and to
identify and mitigate those vulnerabilities.

Sincere thanks to Oracle Inc for the prompt response and adequate mitigation to the issues.

You can get a copy of the report...

next-20160725: linux-next

Linux Kernel Updates - July 25, 2016 - 1:14am
Version: next-20160725 (linux-next) Released: 2016-07-25

Vuln: Google Chrome Prior to 52.0.2743.82 Multiple Security Vulnerabilities

Security Focus Latest Security Advisories - July 24, 2016 - 11:00pm

Vuln: PHP 'zip_stream.c' Integer Overflow Vulnerability

Security Focus Latest Security Advisories - July 24, 2016 - 11:00pm

Vuln: PHP '/xmlrpc/libxmlrpc/simplestring.c' Heap Buffer Overflow Vulnerability

Security Focus Latest Security Advisories - July 24, 2016 - 11:00pm

Vuln: PHP 'snmp.c' Denial of Service Vulnerability

Security Focus Latest Security Advisories - July 24, 2016 - 11:00pm

4.7: mainline

Linux Kernel Updates - July 24, 2016 - 2:24pm
Version: 4.7 (mainline) Released: 2016-07-24 Source: linux-4.7.tar.xz PGP Signature: linux-4.7.tar.sign Patch: patch-4.7.xz

next-20160724: linux-next

Linux Kernel Updates - July 24, 2016 - 3:17am
Version: next-20160724 (linux-next) Released: 2016-07-24

Bugtraq: [security bulletin] HPSBGN03631 rev.1 - HPE IceWall Identity Manager and HPE IceWall SSO Password Reset Option running Apache Commons FileUpload, Remote Denial of Service (DoS)

[SECURITY] [DSA 3625-1] squid3 security update

BugTraq Latest Security Advisories - July 22, 2016 - 4:39am

Posted by Sebastien Delafond on Jul 22

-------------------------------------------------------------------------
Debian Security Advisory DSA-3625-1                   security () debian org
https://www.debian.org/security/                       Sebastien Delafond
July 22, 2016                            https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : squid3
CVE ID : CVE-2016-4051 CVE-2016-4052...

next-20160722: linux-next

Linux Kernel Updates - July 22, 2016 - 2:07am
Version: next-20160722 (linux-next) Released: 2016-07-22

Dreammail 5 mail client XSS Vulnerability

BugTraq Latest Security Advisories - July 22, 2016 - 1:28am

Posted by wwiinngd on Jul 21

Title: Dreammail 5 mail client XSS Vulnerability
Software: Dreammail
Software Version: v5.16
Vendor: www.dreammail.org
Vulnerability Published: 2016-03-21
Author: zhenwei_qi
Email: wwiinngd () gmail com
Impact: Medium (CVSS2 Base: 4.3, AV:N/AC:M/Au:N/C:N/I:P/A:N)

Bug Description:
DreamMail is an email client application, which allows its users to send, receive, and
manage emails.
Dreammail (ver 5.16) may be compromised by...

[slackware-security] gimp (SSA:2016-203-01)

BugTraq Latest Security Advisories - July 22, 2016 - 1:15am

Posted by Slackware Security Team on Jul 21

New gimp packages are available for Slackware 14.0, 14.1, 14.2, and -current to
fix a security issue.

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages/gimp-2.8.18-i586-1_slack14.2.txz: Upgraded.
This release fixes a security issue:
Use-after-free vulnerability in the xcf_load_image function in
app/xcf/xcf-load.c in GIMP allows remote...

[slackware-security] php (SSA:2016-203-02)

BugTraq Latest Security Advisories - July 22, 2016 - 1:05am

Posted by Slackware Security Team on Jul 21

New php packages are available for Slackware 14.0, 14.1, 14.2, and -current to
fix security issues.

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages/php-5.6.24-i586-1_slack14.2.txz: Upgraded.
This release fixes bugs and security issues.
For more information, see:
http://php.net/ChangeLog-5.php#5.6.24...

Bugtraq: CVE-2016-5399: php: out-of-bounds write in bzread()

Bugtraq: Persistent Cross-Site Scripting in WooCommerce using image metadata (EXIF)

Bugtraq: Cross-Site Scripting vulnerability in Paid Memberships Pro WordPress Plugin

Bugtraq: Cisco Security Advisory: Cisco Unified Computing System Performance Manager Input Validation Vulnerability