BugTraq Latest Security Advisories

Syndicate content
The premier general security mailing list. Vulnerabilities are often announced here first, so check frequently!
Updated: 20 min 7 sec ago

[CVE-2017-8813] Double-Fetch Vulnerability in Linux-4.10.1/drivers/media/pci/saa7164/saa7164-bus.c

June 22, 2017 - 10:52am

Posted by wpengfeinudt on Jun 22

Hi all,

I found this double-fetch vulnerability when I was doing my research on double fetch issue analysis, and I’’d like
to make an announcement here.

This was found in Linux kernel file Linux-4.10.1/drivers/media/pci/saa7164/saa7164-bus.c. The kernel (driver) use
memcpy_fromio() to fetch twice the same block of device data from I/O memory to the kernel, and malicious data change
by the peripheral device between the two fetches...
Categories:

[SECURITY] [DSA 3893-1] jython security update

June 22, 2017 - 8:08am

Posted by Salvatore Bonaccorso on Jun 22

-------------------------------------------------------------------------
Debian Security Advisory DSA-3893-1 security () debian org
https://www.debian.org/security/ Salvatore Bonaccorso
June 22, 2017 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : jython
CVE ID : CVE-2016-4000
Debian Bug :...
Categories:

[slackware-security] openvpn (SSA:2017-172-01)

June 22, 2017 - 6:13am

Posted by Slackware Security Team on Jun 22

[slackware-security] openvpn (SSA:2017-172-01)

New openvpn packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1,
14.2, and -current to fix security issues.

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages/openvpn-2.3.17-i586-1_slack14.2.txz: Upgraded.
This update fixes several denial of service issues discovered
by Guido Vranken.
For more information, see:...
Categories:

Sitecore 7.1-7.2 Cross Site Scripting Vulnerability

June 22, 2017 - 5:59am

Posted by hamedizadi on Jun 22

Sitecore 7.1-7.2 Cross Site Scripting Vulnerability

Information
--------------------
Author: Hamed Izadi
Email: ("hamedizadi", "@", "gmail", ".com");
Name: XSS Vulnerability in Sitecore
Affected Software : Sitecore.NET
Affected Versions: v7.2-7.1 and possibly below
Vendor Homepage : http://www.sitecore.net/
Vulnerability Type : Cross-site Scripting
Severity : Important

Description
--------------------
By...
Categories:

[SECURITY] [DSA 3890-1] spip security update

June 22, 2017 - 5:46am

Posted by Salvatore Bonaccorso on Jun 22

-------------------------------------------------------------------------
Debian Security Advisory DSA-3890-1 security () debian org
https://www.debian.org/security/ Salvatore Bonaccorso
June 21, 2017 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : spip
CVE ID : CVE-2017-9736
Debian Bug : 864921...
Categories:

ESA-2017-053: EMC Isilon OneFS Privilege Escalation Vulnerability

June 20, 2017 - 1:05pm

Posted by EMC Product Security Response Center on Jun 20

ESA-2017-053: EMC Isilon OneFS Privilege Escalation Vulnerability

EMC Identifier: ESA-2017-053

CVE Identifier: CVE-2017-4988

Severity Rating: CVSS v3 Base Score:
Base Score=> 7.2 (AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H)

Affected products:
• EMC Isilon OneFS 8.0.1.0
• EMC Isilon OneFS 8.0.0 - 8.0.0.3
• EMC Isilon OneFS 7.2.0 - 7.2.1.4
• EMC Isilon OneFS 7.1.x

Summary:
EMC Isilon OneFS is affected by a...
Categories:

ESA-2017-054: EMC Avamar Multiple Vulnerabilities

June 20, 2017 - 12:47pm

Posted by EMC Product Security Response Center on Jun 20

ESA-2017-054: EMC Avamar Multiple Vulnerabilities

EMC Identifier: ESA-2017-054
CVE Identifiers:
CVE-2017-4989, CVE-2017-4990

Affected products:
• EMC Avamar Server Software 7.4.1-58, 7.4.0-242 (CVE-2017-4990)
• EMC Avamar Server Software 7.3.1-125, 7.3.0-233, 7.3.0-226 (CVE-2017-4989, CVE-2017-4990)
• EMC Avamar Server Software 7.2.1-32, 7.2.1-31, 7.2.0-401 (CVE-2017-4989)
Severity Rating: See below for individual scores...
Categories:

CVE-2017-3167: Apache httpd 2.x ap_get_basic_auth_pw authentication bypass

June 20, 2017 - 6:41am

Posted by Jacob Champion on Jun 20

CVE-2017-3167: ap_get_basic_auth_pw authentication bypass

Severity: Important

Vendor: The Apache Software Foundation

Versions Affected:
httpd 2.2.0 to 2.2.32
httpd 2.4.0 to 2.4.25

Description:
Use of the ap_get_basic_auth_pw() by third-party modules outside of the
authentication phase may lead to authentication requirements being
bypassed.

Mitigation:
2.2.x users should either apply the patch available at...
Categories:

CVE-2017-7659: mod_http2 null pointer dereference

June 19, 2017 - 2:46pm

Posted by Jim Jagielski on Jun 19

CVE-2017-7659: mod_http2 null pointer dereference

Severity: Important

Vendor: The Apache Software Foundation

Versions Affected:
httpd 2.4.24 (unreleased)
httpd 2.4.25

Description:
A maliciously constructed HTTP/2 request could cause mod_http2 to
dereference a NULL pointer and crash the server process.

Mitigation:
2.4.25 users of mod_http2 should upgrade to 2.4.26.

Credit:
The Apache HTTP Server security team would like to thank Robert...
Categories:

[SECURITY] [DSA 3886-1] linux security update

June 19, 2017 - 1:01pm

Posted by Salvatore Bonaccorso on Jun 19

-------------------------------------------------------------------------
Debian Security Advisory DSA-3886-1 security () debian org
https://www.debian.org/security/ Salvatore Bonaccorso
June 19, 2017 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : linux
CVE ID : CVE-2017-0605 CVE-2017-7487...
Categories:

[SECURITY] [DSA 3887-1] glibc security update

June 19, 2017 - 12:50pm

Posted by Moritz Muehlenhoff on Jun 19

-------------------------------------------------------------------------
Debian Security Advisory DSA-3887-1 security () debian org
https://www.debian.org/security/ Moritz Muehlenhoff
June 19, 2017 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : glibc
CVE ID : CVE-2017-1000366

The Qualys...
Categories:

[security bulletin] HPESBGN03758 rev.2 - HPE UCMDB, Remote Code Execution

June 19, 2017 - 12:30pm

Posted by HPE Product Security Response Team on Jun 19

Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbgn03758en_us

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: hpesbgn03758en_us
Version: 2

HPESBGN03758 rev.2 - HPE UCMDB, Remote Code Execution

NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.

Release Date: 2017-06-14
Last Updated: 2017-06-13

Potential...
Categories:

Ektron Version 9.10SP1(Build 9.1.0.184) Cross Site Scripting

June 19, 2017 - 8:04am

Posted by ghasseminia on Jun 19

# Vulnerability type: Cross Site Scripting
# Vendor: Ektron
# Product: Ektron Content Management System
# Affected version: 9.10SP1(Build 9.1.0.184)
# Patched version: 9.1.0.184SP3(9.1.0.184.3.127)
# Credit: Siyavash Ghasseminia
# CVE ID: CVE-2016-6201

# PROOF OF CONCEPT

Vulnerable URL:
/WorkArea/content.aspx?id=0&action=ViewContentByCategory&LangType=1033&ContType=zjgsa&SubType=0

# VULNERABLE PARAMETERS:
- ContType

# SAMPLE...
Categories:

Ektron Version 9.10SP1(Build 9.1.0.184) Cross Site Scripting

June 19, 2017 - 7:48am

Posted by ghasseminia on Jun 19

# Vulnerability type: Cross Site Scripting
# Vendor: Ektron
# Product: Ektron Content Management System
# Affected version: 9.10SP1(Build 9.1.0.184)
# Patched version: 9.1.0.184SP3(9.1.0.184.3.127)
# Credit: Siyavash Ghasseminia
# CVE ID: CVE-2016-6133

# PROOF OF CONCEPT

Vulnerable URL:
/WorkArea/SelectUserGroup.aspx?action=Report&rptStatus

# VULNERABLE PARAMETERS:
- rptStatus

# SAMPLE PAYLOAD
-...
Categories:

Ektron Version 9.10SP1(Build 9.1.0.184) Cross Site Scripting

June 19, 2017 - 7:34am

Posted by ghasseminia on Jun 19

# Vulnerability type: Cross Site Scripting
# Vendor: Ektron
# Product: Ektron Content Management System
# Affected version: 9.10SP1(Build 9.1.0.184)
# Patched version: 9.1.0.184SP3(9.1.0.184.3.127)
# Credit: Siyavash Ghasseminia, Edmund Goh
# CVE ID: CVE-2016-6133

# PROOF OF CONCEPT

Vulnerable URL:
/WorkArea/workarea.aspx?page=content.aspx&action=ViewContentByCategory&folder_id=0&LangType=1033

# VULNERABLE PARAMETERS:
- folder_id...
Categories:

ESA-2017-041: EMC VNX1 and VNX2 Family Multiple Vulnerabilities in VNX Control Station

June 16, 2017 - 12:00pm

Posted by EMC Product Security Response Center on Jun 16

ESA-2017-041: EMC VNX1 and VNX2 Family Multiple Vulnerabilities in VNX Control Station

EMC Identifier: ESA-2017-041
CVE Identifier: CVE-2017-4984, CVE-2017-4985, CVE-2017-4987
Severity Rating: CVSS v3 Base Score: See below for individual CVEs.
Affected products:
EMC VNX2 versions prior to OE for File 8.1.9.211
EMC VNX1 versions prior to OE for File 7.1.80.8

Summary:
VNX Control Station for VNX1 and VNX2 contains fixes for multiple...
Categories:

June 2017 - Bamboo - Critical Security Advisory

June 16, 2017 - 9:17am

Posted by Atlassian on Jun 16

This email refers to the advisory found at
https://confluence.atlassian.com/x/KgwUNg .

CVE ID:

* CVE-2017-8907.

Product: Bamboo.

Affected Bamboo product versions:

5.0.0 <= version < 5.15.7
6.0.0 <= version < 6.0.1

Fixed Bamboo product versions:

* for 5.15.x, Bamboo 5.15.7 has been released with a fix for this issue.
* for 6.0.x, Bamboo 6.0.1 has been released with a fix for this issue.

Summary:
This advisory discloses a...
Categories:

[security bulletin] HPESBGN03761 rev.1 - HPE Virtualization Performance Viewer (VPV)/ Cloud Optimizer using Linux, Remote Escalation of Privilege

June 16, 2017 - 9:01am

Posted by security-alert on Jun 16

Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbgn03761en_us

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: hpesbgn03761en_us
Version: 1

HPESBGN03761 rev.1 - HPE Virtualization Performance Viewer (VPV)/ Cloud
Optimizer using Linux, Remote Escalation of Privilege

NOTICE: The information in this Security Bulletin should be acted upon as
soon as...
Categories:

[SECURITY] [DSA 3882-1] request-tracker4 security update

June 16, 2017 - 8:46am

Posted by Salvatore Bonaccorso on Jun 16

-------------------------------------------------------------------------
Debian Security Advisory DSA-3882-1 security () debian org
https://www.debian.org/security/ Salvatore Bonaccorso
June 15, 2017 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : request-tracker4
CVE ID : CVE-2016-6127...
Categories: