BugTraq Latest Security Advisories

The premier general security mailing list. Vulnerabilities are often announced here first, so check frequently!

[SECURITY] [DSA 3928-2] firefox-esr security update


Posted by Moritz Muehlenhoff on Aug 16

-------------------------------------------------------------------------
Debian Security Advisory DSA-3928-2 security () debian org
https://www.debian.org/security/ Moritz Muehlenhoff
August 16, 2017 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : firefox-esr
CVE ID : CVE-2017-7753 CVE-2017-7779...

Microsoft Resnet - DNS Configuration Web Vulnerability

August 16, 2017 - 1:31pm

Posted by Vulnerability Lab on Aug 16

Document Title:
===============
Microsoft Resnet - DNS Configuration Web Vulnerability

References (Source):
====================
https://www.vulnerability-lab.com/get_content.php?id=2087

Acknowledgements: https://technet.microsoft.com/en-us/security/cc308589.aspx

Release Date:
=============
2017-08-16

Vulnerability Laboratory ID (VL-ID):
====================================
2087

Common Vulnerability Scoring System:...

FreeBSD <= 10.3 jail SHM hole

August 16, 2017 - 5:13am

Posted by WhiteWinterWolf on Aug 16

AFFECTED PRODUCTS

This issue affects FreeBSD from 7.0 to 10.3 inclusive.

DESCRIPTION

FreeBSD jail incompletely protects access to IPC primitives.

The 'allow.sysvipc' setting only affects IPC queues, leaving other IPC
objects unprotected, making them reachable system-wide independently of
the system configuration.

This creates two main weaknesses:

- An attacker able to execute commands in one jail can attack processes...

[SECURITY] [DSA 3943-1] gajim security update

August 15, 2017 - 1:07am

Posted by Salvatore Bonaccorso on Aug 14

-------------------------------------------------------------------------
Debian Security Advisory DSA-3943-1 security () debian org
https://www.debian.org/security/ Salvatore Bonaccorso
August 14, 2017 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : gajim
CVE ID : CVE-2016-10376
Debian Bug :...

CVE-2017-9802: Apache Sling XSS vulnerability

August 14, 2017 - 7:25am

Posted by Robert Munteanu on Aug 14

CVE-2017-9802: Apache Sling XSS vulnerability

Severity: Important

Vendor: The Apache Software Foundation

Versions Affected:
Apache Sling Servlets Post 2.3.20

Description:
The Javascript method Sling.evalString() uses the javascript `eval`
function to parse input strings, which allows for XSS attacks by
passing specially crafted input strings.

Mitigation:
Users should upgrade to version 2.3.22 or later of the Sling Servlets
Post bundle....

[CVE-2017-9767] Quali CloudShell (v7.1.0.6508 Patch 6) Multiple Stored Cross Site Scripting Vulnerability

August 14, 2017 - 7:11am

Posted by x62x65x6e on Aug 14

# Vulnerability type: Multiple Stored Cross Site Scripting
# Vendor: Quali
# Product: CloudShell
# Affected version: v7.1.0.6508 (Patch 6)
# Patched version: v8 and up
# Credit: Benjamin Lee
# CVE ID: CVE-2017-9767

==========================================================

# Overview
Quali CloudShell (v7.1.0.6508 Patch 6) is vulnerable to multiple stored XSS vulnerabilities on its platform; this can be
exploited to execute arbitrary HTML and...

[SECURITY] [DSA 3940-1] iortcw security update

August 14, 2017 - 3:49am

Posted by Moritz Muehlenhoff on Aug 14

-------------------------------------------------------------------------
Debian Security Advisory DSA-3940-1 security () debian org
https://www.debian.org/security/ Moritz Muehlenhoff
August 13, 2017 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : iortcw
CVE ID : CVE-2017-11721

A read buffer...

[slackware-security] mercurial (SSA:2017-223-03)

August 14, 2017 - 3:35am

Posted by Slackware Security Team on Aug 14

[slackware-security] mercurial (SSA:2017-223-03)

New mercurial packages are available for Slackware 14.0, 14.1, 14.2,
and -current to fix security issues.

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages/mercurial-4.3.1-i586-1_slack14.2.txz: Upgraded.
Fixes security issues:
Mercurial's symlink auditing was incomplete prior to 4.3, and could
be abused to write to files outside the...

[SECURITY] [DSA 3937-1] zabbix security update

August 14, 2017 - 3:21am

Posted by Moritz Muehlenhoff on Aug 14

-------------------------------------------------------------------------
Debian Security Advisory DSA-3937-1 security () debian org
https://www.debian.org/security/ Moritz Muehlenhoff
August 12, 2017 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : zabbix
CVE ID : CVE-2017-2824 CVE-2017-2825

Lilith...

[SECURITY] [DSA 3936-1] postgresql-9.6 security update

August 11, 2017 - 2:16am

Posted by Moritz Muehlenhoff on Aug 11

-------------------------------------------------------------------------
Debian Security Advisory DSA-3936-1 security () debian org
https://www.debian.org/security/ Moritz Muehlenhoff
August 10, 2017 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : postgresql-9.6
CVE ID : CVE-2017-7546 CVE-2017-7547...

[SECURITY] [DSA 3935-1] postgresql-9.4 security update

August 11, 2017 - 2:03am

Posted by Moritz Muehlenhoff on Aug 11

-------------------------------------------------------------------------
Debian Security Advisory DSA-3935-1 security () debian org
https://www.debian.org/security/ Moritz Muehlenhoff
August 10, 2017 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : postgresql-9.4
CVE ID : CVE-2017-7546 CVE-2017-7547...

[security bulletin] HPESB3P03762 rev.1 - HPE C Switch Software using Cisco Prime Data Center Network Manager (DCNM), Remote Code Execution

August 11, 2017 - 1:50am

Posted by security-alert on Aug 10

Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesb3p03762en_us

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: hpesb3p03762en_us
Version: 1

HPESB3P03762 rev.1 - HPE C Switch Software using Cisco Prime Data Center
Network Manager (DCNM), Remote Code Execution

NOTICE: The information in this Security Bulletin should be acted upon as
soon as...

[ANN] Apache Struts: S2-049 Security Bulletin update

August 11, 2017 - 1:36am

Posted by Lukasz Lenart on Aug 10

This is an update of the recently announced Security Bulletin S2-049 -
http://struts.apache.org/docs/s2-049.html

The bulletin was extended with additional information on when the
potential vulnerability can be present in your application. Please
re-read the mentioned bulletin and apply the required actions if needed.

Please report any problems back to the Struts Security mailing list -
security () struts apache org

Kind regards

[SECURITY] [DSA 3932-1] subversion security update

August 10, 2017 - 3:21pm

Posted by Sebastien Delafond on Aug 10

-------------------------------------------------------------------------
Debian Security Advisory DSA-3932-1 security () debian org
https://www.debian.org/security/ Sebastien Delafond
August 10, 2017 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : subversion
CVE ID : CVE-2016-8734 CVE-2017-9800...

[SECURITY] [DSA 3933-1] pjproject security update

August 10, 2017 - 3:06pm

Posted by Moritz Muehlenhoff on Aug 10

-------------------------------------------------------------------------
Debian Security Advisory DSA-3933-1 security () debian org
https://www.debian.org/security/ Moritz Muehlenhoff
August 10, 2017 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : pjproject
CVE ID : CVE-2017-9359 CVE-2017-9372

Two...

[SECURITY][ANNOUNCE] Apache Subversion 1.9.7 released

August 10, 2017 - 2:52pm

Posted by Daniel Shahaf on Aug 10

I'm happy to announce the release of Apache Subversion 1.9.7.
Please choose the mirror closest to you by visiting:

http://subversion.apache.org/download.cgi?update=201708081800#recommended-release

This is a stable security release of the Apache Subversion open source
version control system. It fixes one security issue:

CVE-2017-9800:
Arbitrary code execution on clients through malicious svn+ssh URLs in
svn:externals and...

[SECURITY] [DSA 3929-1] libsoup2.4 security update

August 10, 2017 - 9:27am

Posted by Salvatore Bonaccorso on Aug 10

-------------------------------------------------------------------------
Debian Security Advisory DSA-3929-1 security () debian org
https://www.debian.org/security/ Salvatore Bonaccorso
August 10, 2017 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : libsoup2.4
CVE ID : CVE-2017-2885
Debian Bug :...

[slackware-security] curl (SSA:2017-221-01)

August 10, 2017 - 9:12am

Posted by Slackware Security Team on Aug 10

[slackware-security] curl (SSA:2017-221-01)

New curl packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1,
14.2, and -current to fix security issues.

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages/curl-7.55.0-i586-1_slack14.2.txz: Upgraded.
This update fixes three security issues:
URL globbing out of bounds read
TFTP sends more than buffer size
FILE buffer read out...

[slackware-security] mozilla-firefox (SSA:2017-221-02)

August 10, 2017 - 8:58am

Posted by Slackware Security Team on Aug 10

[slackware-security] mozilla-firefox (SSA:2017-221-02)

New mozilla-firefox packages are available for Slackware 14.2 and -current to
fix security issues.

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages/mozilla-firefox-52.3.0esr-i586-1_slack14.2.txz: Upgraded.
This release contains security fixes and improvements.
For more information, see:...