BugTraq Latest Security Advisories

The premier general security mailing list. Vulnerabilities are often announced here first, so check frequently!

[security bulletin] HPSBMU03079 rev.1 - HP Service Manager, Multiple Vulnerabilities

August 25, 2014 - 4:58am

Posted by security-alert on Aug 25

Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04388127

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04388127
Version: 1

HPSBMU03079 rev.1 - HP Service Manager, Multiple Vulnerabilities

NOTICE: The information in this Security Bulletin should be acted upon as
soon as possible.

Release Date: 2014-08-22
Last Updated: 2014-08-22...

DoS attacks (ICMPv6-based) resulting from IPv6 EH drops

August 22, 2014 - 6:09am

Posted by Fernando Gont on Aug 22

Folks,

Ten days ago or so we published this I-D:
<http://www.ietf.org/internet-drafts/draft-gont-v6ops-ipv6-ehs-in-real-world-00.txt>

Section 5.2 of the I-D discusses a possible attack vector based on a
combination of "forged" ICMPv6 PTB messages and IPv6 frag drops by
operators, along with proposed countermeasures -- but let me offer a
more informal and practical explanation:

1) It is known that filtering of packets containing...

[security bulletin] HPSBST03098 rev.1 - HP StoreEver MSL6480 Tape Library running OpenSSL, Remote Unauthorized Access or Disclosure of Information

August 22, 2014 - 5:59am

Posted by security-alert on Aug 22

Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04406535

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04406535
Version: 1

HPSBST03098 rev.1 - HP StoreEver MSL6480 Tape Library running OpenSSL, Remote
Unauthorized Access or Disclosure of Information

NOTICE: The information in this Security Bulletin should be acted upon as
soon as...

[SECURITY] [DSA 3009-1] python-imaging security update

August 22, 2014 - 5:51am

Posted by Moritz Muehlenhoff on Aug 22

-------------------------------------------------------------------------
Debian Security Advisory DSA-3009-1 security () debian org
http://www.debian.org/security/ Moritz Muehlenhoff
August 21, 2014 http://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : python-imaging
CVE ID : CVE-2014-3589

Andrew Drake...

CVE-2014-3524: Apache OpenOffice Calc Command Injection Vulnerability

August 22, 2014 - 5:40am

Posted by Herbert Duerr on Aug 22

CVE-2014-3524
OpenOffice Calc Command Injection Vulnerability

Severity: Important
Vendor: The Apache Software Foundation

Versions Affected:
Apache OpenOffice 4.1.0 and older on Windows.
OpenOffice.org versions may also be affected.

Description:
The vulnerability allows command injection when loading Calc spreadsheets. Specially crafted documents can be
used for command-injection attacks. Further exploits are possible...

CVE-2014-3575:OpenOffice Targeted Data Exposure Using Crafted OLE Objects

August 22, 2014 - 5:32am

Posted by Herbert Duerr on Aug 22

CVE-2014-3575
OpenOffice Targeted Data Exposure Using Crafted OLE Objects

Severity: Important
Vendor: The Apache Software Foundation

Versions Affected:
Apache OpenOffice 4.1.0 and older on Windows.
OpenOffice.org versions are also affected.

Description:
The exposure exploits the way OLE previews are generated to embed arbitrary file data into a specially crafted
document when it is opened. Data exposure is possible if...

[CVE-2014-5335] CSRF in Innovaphone PBX

August 22, 2014 - 5:24am

Posted by rg on Aug 22

Title: Innovaphone PBX Admin-GUI CSRF
Impact: High
CVSS2 Score: 7.8 (AV:N/AC:M/Au:S/C:P/I:C/A:C/E:F/RL:U/RC:C)
Announced: August 21, 2014
Reporter: Rainer Giedat (NSIDE ATTACK LOGIC GmbH, www.nsideattacklogic.de)
Products: Innovaphone PBX Administration GUI
Affected Versions: all known versions (tested 10.00 sr11)
CVE-id: CVE-2014-5335

Summary
=======

The innovaphone PBX is a powerful and sophisticated VoIP telephone system for use in...

[SECURITY] [DSA 3008-2] php5 regression update

August 22, 2014 - 5:16am

Posted by Salvatore Bonaccorso on Aug 22

-------------------------------------------------------------------------
Debian Security Advisory DSA-3008-2 security () debian org
http://www.debian.org/security/ Salvatore Bonaccorso
August 21, 2014 http://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : php5
CVE ID : CVE-2014-3538 CVE-2014-3587...