BugTraq Latest Security Advisories

The premier general security mailing list. Vulnerabilities are often announced here first, so check frequently!

[SECURITY] [DSA 3017-1] php-cas security update

September 2, 2014 - 1:05pm

Posted by Thijs Kinkhorst on Sep 02

-------------------------------------------------------------------------
Debian Security Advisory DSA-3017-1 security () debian org
http://www.debian.org/security/ Thijs Kinkhorst
September 2, 2014 http://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : php-cas
CVE ID : CVE-2014-4172...

Apple iOS v7.1.2 - Merge Apps Service Local Bypass Vulnerability

September 2, 2014 - 12:52pm

Posted by Vulnerability Lab on Sep 02

Document Title:
===============
Apple iOS v7.1.2 - Merge Apps Service Local Bypass Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1280

Video: http://www.vulnerability-lab.com/get_content.php?id=1281

Vulnerability Magazine:
http://vulnerability-db.com/magazine/articles/2014/09/02/apple-ios-712-device-allows-local-attackers-merge-apps-ahead-pass-code-screen

Release Date:...

Defense in depth -- the Microsoft way (part 18): Microsoft Office 2010 registers command lines with unquoted pathnames

September 2, 2014 - 12:42pm

Posted by Stefan Kanthak on Sep 02

Hi @ll,

Microsoft Office 2010 registers the following command lines with unquoted
pathnames containing spaces for various supported file types:

| C:\> FType | FIND.EXE "=%ProgramFiles%\Microsoft "
|
| access=C:\Program Files\Microsoft Office\Office14\protocolhandler.exe "%1"
| Access.ACCDAExtension.14=C:\Program Files\Microsoft Office\Office14\MSACCESS.EXE /NOSTARTUP "%1"
| Access.Extension.14=C:\Program...

[ MDVSA-2014:171 ] dhcpcd

September 2, 2014 - 12:31pm

Posted by security on Sep 02

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2014:171
http://www.mandriva.com/en/support/security/
_______________________________________________________________________

Package : dhcpcd
Date : September 2, 2014
Affected: Business Server 1.0
_______________________________________________________________________

Problem Description:

Updated...

[ MDVSA-2014:170 ] jakarta-commons-httpclient

September 2, 2014 - 12:22pm

Posted by security on Sep 02

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2014:170
http://www.mandriva.com/en/support/security/
_______________________________________________________________________

Package : jakarta-commons-httpclient
Date : September 2, 2014
Affected: Business Server 1.0
_______________________________________________________________________

Problem...

[ MDVSA-2014:169 ] bugzilla

September 2, 2014 - 12:14pm

Posted by security on Sep 02

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2014:169
http://www.mandriva.com/en/support/security/
_______________________________________________________________________

Package : bugzilla
Date : September 2, 2014
Affected: Business Server 1.0
_______________________________________________________________________

Problem Description:...

[ MDVSA-2014:168 ] libvncserver

September 2, 2014 - 12:05pm

Posted by security on Sep 02

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2014:168
http://www.mandriva.com/en/support/security/
_______________________________________________________________________

Package : libvncserver
Date : September 2, 2014
Affected: Business Server 1.0
_______________________________________________________________________

Problem Description:...

[ MDVSA-2014:167 ] file

September 2, 2014 - 11:55am

Posted by security on Sep 02

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2014:167
http://www.mandriva.com/en/support/security/
_______________________________________________________________________

Package : file
Date : September 2, 2014
Affected: Business Server 1.0
_______________________________________________________________________

Problem Description:

Updated...

[ MDVSA-2014:166 ] serf

September 2, 2014 - 11:43am

Posted by security on Sep 02

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2014:166
http://www.mandriva.com/en/support/security/
_______________________________________________________________________

Package : serf
Date : September 2, 2014
Affected: Business Server 1.0
_______________________________________________________________________

Problem Description:

Updated...

[ MDVSA-2014:165 ] krb5

September 2, 2014 - 11:32am

Posted by security on Sep 02

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2014:165
http://www.mandriva.com/en/support/security/
_______________________________________________________________________

Package : krb5
Date : September 2, 2014
Affected: Business Server 1.0
_______________________________________________________________________

Problem Description:

Updated...

[ MDVSA-2014:163 ] python-imaging

September 2, 2014 - 11:21am

Posted by security on Sep 02

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2014:163
http://www.mandriva.com/en/support/security/
_______________________________________________________________________

Package : python-imaging
Date : September 2, 2014
Affected: Business Server 1.0
_______________________________________________________________________

Problem Description:...

[ MDVSA-2014:164 ] phpmyadmin

September 2, 2014 - 11:11am

Posted by security on Sep 02

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2014:164
http://www.mandriva.com/en/support/security/
_______________________________________________________________________

Package : phpmyadmin
Date : September 2, 2014
Affected: Business Server 1.0
_______________________________________________________________________

Problem Description:...

[ MDVSA-2014:162 ] catfish

September 2, 2014 - 11:01am

Posted by security on Sep 02

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2014:162
http://www.mandriva.com/en/support/security/
_______________________________________________________________________

Package : catfish
Date : September 2, 2014
Affected: Business Server 1.0
_______________________________________________________________________

Problem Description:...

[ MDVSA-2014:161 ] subversion

September 2, 2014 - 10:50am

Posted by security on Sep 02

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2014:161
http://www.mandriva.com/en/support/security/
_______________________________________________________________________

Package : subversion
Date : September 2, 2014
Affected: Business Server 1.0
_______________________________________________________________________

Problem Description:...

[ MDVSA-2014:160 ] gpgme

September 2, 2014 - 10:41am

Posted by security on Sep 02

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2014:160
http://www.mandriva.com/en/support/security/
_______________________________________________________________________

Package : gpgme
Date : September 2, 2014
Affected: Business Server 1.0
_______________________________________________________________________

Problem Description:

Updated...

Re: [FD] SSH host key fingerprint - through HTTPS

September 2, 2014 - 10:29am

Posted by John Leo on Sep 02

"source code"
It's here:
https://checkssh.com/result/indexdotphp.txt
Extremely short and easy to read.

"trust the service operators"
Hey, trust your own eyes. :-) Feel free to audit/use our code.

"a better solution is to use Monkeysphere"
Professional "certificate authority" vs "OpenPGP web of trust"
Personally I feel more comfortable with CA.

Best Wishes,

Re: SSH host key fingerprint - through HTTPS

September 2, 2014 - 10:19am

Posted by John Leo on Sep 02

Thanks. Yes, your suggestion is cool.

Best Wishes,

Re: [FD] SSH host key fingerprint - through HTTPS

September 2, 2014 - 10:08am

Posted by John Leo on Sep 02

Nice to hear from you!

I can only wish your suggestion is widely implemented. And don't forget those machines without a domain.

Best Wishes,

Re: [FD] SSH host key fingerprint - through HTTPS

September 2, 2014 - 9:57am

Posted by John Leo on Sep 02

Good to hear from you!

"marginally better"
We never said this is perfect. checkssh.com stops LOCAL bad boys. That's all.

"both myself and that site are BOTH falling victim"
Ah, here is the source code...
https://checkssh.com/result/indexdotphp.txt
It's extremely short and easy to read. You can set up your own Check SSH (where you trust).

"more robust alternatives"
Trust me - HTTPS is more mature. And our...

Re: SSH host key fingerprint - through HTTPS

September 2, 2014 - 9:47am

Posted by Jamie Riden on Sep 02

If your HTTPS is not being MiTMed as well... (or the edge case - if it
is not John Leo doing the MiTMing of your SSH connection :)

If you trust Mr Leo *and* you know what that HTTPS cert should look
like, it may be of use. Personally, I'd rather do it more out-of-band
than this, but could be handy in a pinch I guess.

cheers,
Jamie