Feed aggregator

[slackware-security] openssl (SSA:2014-288-01)

BugTraq Latest Security Advisories - October 16, 2014 - 5:43am

Posted by Slackware Security Team on Oct 16

[slackware-security] openssl (SSA:2014-288-01)

New openssl packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1,
and -current to fix security issues.

Here are the details from the Slackware 14.1 ChangeLog:
+--------------------------+
patches/packages/openssl-solibs-1.0.1j-i486-1_slack14.1.txz: Upgraded.
(* Security fix *)
patches/packages/openssl-1.0.1j-i486-1_slack14.1.txz: Upgraded.
This update fixes several security...

Bypassing blacklists based on IPy

BugTraq Latest Security Advisories - October 16, 2014 - 5:33am

Posted by Nicolas Grégoire on Oct 16

IPy is a Python "class and tools for handling of IPv4 and IPv6 addresses
and networks" (https://github.com/haypo/python-ipy). This library is
sometimes used to implement blacklists forbidding internal, private or
loopback addresses.

Using octal encoding (supported by urllib2), it is possible to bypass
checks based on the result of the iptype() function. For example, IP
address '0177.0000.0000.0001' is considered as...

[SECURITY] [DSA 3051-1] drupal7 security update

BugTraq Latest Security Advisories - October 16, 2014 - 5:26am

Posted by Moritz Muehlenhoff on Oct 16

-------------------------------------------------------------------------
Debian Security Advisory DSA-3051-1 security () debian org
http://www.debian.org/security/ Moritz Muehlenhoff
October 15, 2014 http://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : drupal7
CVE ID : CVE-2014-3704

Stefan Horst...

Cisco Security Advisory: SSL Padding Oracle On Downgraded Legacy Encryption (POODLE) Vulnerability

BugTraq Latest Security Advisories - October 16, 2014 - 5:18am

Posted by Cisco Systems Product Security Incident Response Team on Oct 16

Cisco Security Advisory: SSL Padding Oracle On Downgraded Legacy Encryption (POODLE) Vulnerability

Advisory ID: cisco-sa-20141015-poodle

Revision 1.0

For Public Release 2014 October 15 17:30 UTC (GMT)

+---------------------------------------------------------------------

Summary
=======

On October 14, 2014, a vulnerability was publicly announced in the Secure Sockets Layer version 3 (SSLv3) protocol when
using a block cipher in Cipher...

Advisory 01/2014: Drupal7 - pre Auth SQL Injection Vulnerability

BugTraq Latest Security Advisories - October 16, 2014 - 5:07am

Posted by Stefan Horst on Oct 16

SektionEins GmbH
www.sektioneins.de

-= Security Advisory =-

Advisory: Drupal - pre-auth SQL Injection Vulnerability
Release Date: 2014/10/15
Last Modified: 2014/10/15
Author: Stefan Horst [stefan.horst[at]sektioneins.de]
Application: Drupal >= 7.0 <= 7.31
Severity: Full SQL injection, which results in total control and code execution of Website.
Risk: Highly Critical...

Cisco Security Advisory: Multiple Vulnerabilities in Cisco TelePresence Video Communication Server and Cisco Expressway Software

BugTraq Latest Security Advisories - October 16, 2014 - 4:58am

Posted by Cisco Systems Product Security Incident Response Team on Oct 16

Cisco Security Advisory: Multiple Vulnerabilities in Cisco TelePresence Video Communication Server and Cisco Expressway
Software

Advisory ID: cisco-sa-20141015-vcs

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141015-vcs

Revision 1.0

For Public Release 2014 October 15 16:00 UTC (GMT)

+---------------------------------------------------------------------

Summary
=======

Cisco TelePresence Video...

Cisco Security Advisory: Cisco TelePresence MCU Software Memory Exhaustion Vulnerability

BugTraq Latest Security Advisories - October 16, 2014 - 4:50am

Posted by Cisco Systems Product Security Incident Response Team on Oct 16

Cisco Security Advisory: Cisco TelePresence MCU Software Memory Exhaustion Vulnerability

Advisory ID: cisco-sa-20141015-mcu

Revision 1.0

For Public Release 2014 October 15 16:00 UTC (GMT)

+---------------------------------------------------------------------

Summary
=======

A vulnerability in the network stack of Cisco TelePresence MCU Software could allow an unauthenticated, remote attacker
to cause the exhaustion of available memory...

Bugtraq: SEC Consult SA-20141015-0 :: Potential Cross-Site Scripting in ADF Faces

Security Focus Latest Security Advisories - October 16, 2014 - 4:45am
SEC Consult SA-20141015-0 :: Potential Cross-Site Scripting in ADF Faces

Bugtraq: Multiple Cross-Site Scripting (XSS) in WP Google Maps WordPress Plugin

Security Focus Latest Security Advisories - October 16, 2014 - 4:45am
Multiple Cross-Site Scripting (XSS) in WP Google Maps WordPress Plugin

Bugtraq: Reflected Cross-Site Scripting (XSS) in MaxButtons WordPress Plugin

Security Focus Latest Security Advisories - October 16, 2014 - 4:45am
Reflected Cross-Site Scripting (XSS) in MaxButtons WordPress Plugin

Bugtraq: Paypal Inc MultiOrderShipping API - Filter Bypass & Persistent XML Vulnerability

Security Focus Latest Security Advisories - October 16, 2014 - 4:45am
Paypal Inc MultiOrderShipping API - Filter Bypass & Persistent XML Vulnerability

next-20141016: linux-next

Linux Kernel Updates - October 15, 2014 - 11:59pm
Version:next-20141016 (linux-next) Released:2014-10-16

Vuln: OpenSSH Certificate Validation Security Bypass Vulnerability

Security Focus Latest Security Advisories - October 15, 2014 - 11:00pm
OpenSSH Certificate Validation Security Bypass Vulnerability

Vuln: OpenSSH 'child_set_env()' Function Security Bypass Vulnerability

Security Focus Latest Security Advisories - October 15, 2014 - 11:00pm
OpenSSH 'child_set_env()' Function Security Bypass Vulnerability

Vuln: Multiple Huawei Switches Information Disclosure Vulnerability

Security Focus Latest Security Advisories - October 15, 2014 - 11:00pm
Multiple Huawei Switches Information Disclosure Vulnerability

Vuln: Adobe Flash Player and AIR CVE-2014-0564 Unspecified Memory Corruption Vulnerability

Security Focus Latest Security Advisories - October 15, 2014 - 11:00pm
Adobe Flash Player and AIR CVE-2014-0564 Unspecified Memory Corruption Vulnerability

Vuln: Mozilla Firefox/Thunderbird CVE-2014-1574 Multiple Memory Corruption Vulnerabilities

Security Focus Latest Security Advisories - October 15, 2014 - 11:00pm
Mozilla Firefox/Thunderbird CVE-2014-1574 Multiple Memory Corruption Vulnerabilities

Vuln: Oracle MySQL Server Username Enumeration Weakness

Security Focus Latest Security Advisories - October 15, 2014 - 11:00pm
Oracle MySQL Server Username Enumeration Weakness

Vuln: MySQL MyISAM Insecure Temporary File Creation Vulnerability

Security Focus Latest Security Advisories - October 15, 2014 - 11:00pm
MySQL MyISAM Insecure Temporary File Creation Vulnerability

Vuln: Oracle Java SE CVE-2014-6504 Remote Security Vulnerability

Security Focus Latest Security Advisories - October 15, 2014 - 11:00pm
Oracle Java SE CVE-2014-6504 Remote Security Vulnerability