BugTraq Latest Security Advisories

The premier general security mailing list. Vulnerabilities are often announced here first, so check frequently!

[SECURITY] [DSA 3946-1] libmspack security update

August 18, 2017 - 5:13am

Posted by Sebastien Delafond on Aug 18

-------------------------------------------------------------------------
Debian Security Advisory DSA-3946-1 security () debian org
https://www.debian.org/security/ Sebastien Delafond
August 18, 2017 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : libmspack
CVE ID : CVE-2017-6419 CVE-2017-11423...

[SECURITY] [DSA 3928-2] firefox-esr security update

August 17, 2017 - 1:13am

Posted by Moritz Muehlenhoff on Aug 16

-------------------------------------------------------------------------
Debian Security Advisory DSA-3928-2 security () debian org
https://www.debian.org/security/ Moritz Muehlenhoff
August 16, 2017 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : firefox-esr
CVE ID : CVE-2017-7753 CVE-2017-7779...

Microsoft Resnet - DNS Configuration Web Vulnerability

August 16, 2017 - 1:31pm

Posted by Vulnerability Lab on Aug 16

Document Title:
===============
Microsoft Resnet - DNS Configuration Web Vulnerability

References (Source):
====================
https://www.vulnerability-lab.com/get_content.php?id=2087

Acknowledgements: https://technet.microsoft.com/en-us/security/cc308589.aspx

Release Date:
=============
2017-08-16

Vulnerability Laboratory ID (VL-ID):
====================================
2087

Common Vulnerability Scoring System:...

FreeBSD <= 10.3 jail SHM hole

August 16, 2017 - 5:13am

Posted by WhiteWinterWolf on Aug 16

AFFECTED PRODUCTS

This issue affects FreeBSD from 7.0 to 10.3 included.

DESCRIPTION

FreeBSD jail incompletely protects the access to the IPC primitives.

The 'allow.sysvipc' setting only affects IPC queues, leaving other IPC
objects unprotected, making them reachable system-wide independently of
the system configuration.

This creates two main weaknesses:

- An attacker able to execute commands in one jail can attack processes...

[SECURITY] [DSA 3943-1] gajim security update

August 15, 2017 - 1:07am

Posted by Salvatore Bonaccorso on Aug 14

-------------------------------------------------------------------------
Debian Security Advisory DSA-3943-1 security () debian org
https://www.debian.org/security/ Salvatore Bonaccorso
August 14, 2017 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : gajim
CVE ID : CVE-2016-10376
Debian Bug :...

CVE-2017-9802: Apache Sling XSS vulnerability

August 14, 2017 - 7:25am

Posted by Robert Munteanu on Aug 14

CVE-2017-9802: Apache Sling XSS vulnerability

Severity: Important

Vendor: The Apache Software Foundation

Versions Affected:
Apache Sling Servlets Post 2.3.20

Description:
The JavaScript method Sling.evalString() uses the JavaScript `eval`
function to parse input strings, which allows for XSS attacks by
passing specially crafted input strings.

Mitigation:
Users should upgrade to version 2.3.22 or later of the Sling Servlets
Post bundle....

[CVE-2017-9767] Quali CloudShell (v7.1.0.6508 Patch 6) Multiple Stored Cross Site Scripting Vulnerability

August 14, 2017 - 7:11am

Posted by x62x65x6e on Aug 14

# Vulnerability type: Multiple Stored Cross Site Scripting
# Vendor: Quali
# Product: CloudShell
# Affected version: v7.1.0.6508 (Patch 6)
# Patched version: v8 and up
# Credit: Benjamin Lee
# CVE ID: CVE-2017-9767

==========================================================

# Overview
Quali CloudShell (v7.1.0.6508 Patch 6) is vulnerable to multiple stored XSS vulnerabilities on its platform; this can be
exploited to execute arbitrary HTML and...

[SECURITY] [DSA 3940-1] iortcw security update

August 14, 2017 - 3:49am

Posted by Moritz Muehlenhoff on Aug 14

-------------------------------------------------------------------------
Debian Security Advisory DSA-3940-1 security () debian org
https://www.debian.org/security/ Moritz Muehlenhoff
August 13, 2017 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : iortcw
CVE ID : CVE-2017-11721

A read buffer...

[slackware-security] mercurial (SSA:2017-223-03)

August 14, 2017 - 3:35am

Posted by Slackware Security Team on Aug 14

[slackware-security] mercurial (SSA:2017-223-03)

New mercurial packages are available for Slackware 14.0, 14.1, 14.2,
and -current to fix security issues.

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages/mercurial-4.3.1-i586-1_slack14.2.txz: Upgraded.
Fixes security issues:
Mercurial's symlink auditing was incomplete prior to 4.3, and could
be abused to write to files outside the...

[SECURITY] [DSA 3937-1] zabbix security update

August 14, 2017 - 3:21am

Posted by Moritz Muehlenhoff on Aug 14

-------------------------------------------------------------------------
Debian Security Advisory DSA-3937-1 security () debian org
https://www.debian.org/security/ Moritz Muehlenhoff
August 12, 2017 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : zabbix
CVE ID : CVE-2017-2824 CVE-2017-2825

Lilith...