BugTraq Latest Security Advisories

The premier general security mailing list. Vulnerabilities are often announced here first, so check frequently!

[slackware-security] bash (SSA:2014-267-01)

September 25, 2014 - 8:44am

Posted by Slackware Security Team on Sep 25

[slackware-security] bash (SSA:2014-267-01)

New bash packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1,
and -current to fix a security issue.

Here are the details from the Slackware 14.1 ChangeLog:
+--------------------------+
patches/packages/bash-4.2.048-i486-1_slack14.1.txz: Upgraded.
This update fixes a vulnerability in bash related to how environment
variables are processed: trailing code in function definitions was...

[slackware-security] mozilla-nss (SSA:2014-267-02)

September 25, 2014 - 8:34am

Posted by Slackware Security Team on Sep 25

[slackware-security] mozilla-nss (SSA:2014-267-02)

New mozilla-nss packages are available for Slackware 14.0, 14.1, and -current to
fix a security issue.

Here are the details from the Slackware 14.1 ChangeLog:
+--------------------------+
patches/packages/mozilla-nss-3.16.5-i486-1_slack14.1.txz: Upgraded.
Fixed an RSA Signature Forgery vulnerability.
For more information, see:...

LSE Leading Security Experts GmbH - LSE-2014-06-10 - Perl CORE - Deep Recursion Stack Overflow

September 25, 2014 - 8:20am

Posted by advisories on Sep 25

=== LSE Leading Security Experts GmbH - Security Advisory LSE-2014-06-10 ===

Perl CORE - Deep Recursion Stack Overflow
-----------------------------------------

Affected Versions
=================
Perl v5.20.1 and below

Issue Overview
==============
Vulnerability Type: Stack Overflow
Technical Risk: high
Likelihood of Exploitation: low
Vendor: Perl
Vendor URL: http://www.perl.org
Credits: LSE Leading Security Experts GmbH employee Markus...

[ MDVSA-2014:189 ] nss

September 25, 2014 - 8:09am

Posted by security on Sep 25

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2014:189
http://www.mandriva.com/en/support/security/
_______________________________________________________________________

Package : nss
Date : September 25, 2014
Affected: Business Server 1.0
_______________________________________________________________________

Problem Description:

A...

[ MDVSA-2014:187 ] curl

September 25, 2014 - 7:59am

Posted by security on Sep 25

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2014:187
http://www.mandriva.com/en/support/security/
_______________________________________________________________________

Package : curl
Date : September 25, 2014
Affected: Business Server 1.0
_______________________________________________________________________

Problem Description:

Updated...

[ MDVSA-2014:188 ] wireshark

September 25, 2014 - 7:49am

Posted by security on Sep 25

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2014:188
http://www.mandriva.com/en/support/security/
_______________________________________________________________________

Package : wireshark
Date : September 25, 2014
Affected: Business Server 1.0
_______________________________________________________________________

Problem Description:...

[SECURITY] [DSA 3034-1] iceweasel security update

September 25, 2014 - 7:38am

Posted by Yves-Alexis Perez on Sep 25

-------------------------------------------------------------------------
Debian Security Advisory DSA-3034-1                   security () debian org
http://www.debian.org/security/                           Yves-Alexis Perez
September 25, 2014                         http://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : iceweasel
CVE ID : CVE-2014-1568

Antoine...

CVE-2014-4958: Stored Attribute-Based Cross-Site Scripting (XSS) Vulnerability in Telerik UI for ASP.NET AJAX RadEditor Control

September 25, 2014 - 7:26am

Posted by main on Sep 25

All versions of the popular UI for ASP.NET AJAX RadEditor Control product by Telerik may be affected by a high-risk
stored attribute-based cross-site scripting (XSS) vulnerability that is assigned CVE-2014-4958. This WYSIWYG rich text
editor is “...what Microsoft chose to use in MSDN, CodePlex, TechNet, MCMS and even as an alternative to the default
editor in SharePoint.”

Personally tested and confirmed are versions: 2014.1.403.35 (much...

[SECURITY] [DSA 3033-1] nss security update

September 25, 2014 - 7:19am

Posted by Yves-Alexis Perez on Sep 25

-------------------------------------------------------------------------
Debian Security Advisory DSA-3033-1                   security () debian org
http://www.debian.org/security/                           Yves-Alexis Perez
September 25, 2014                         http://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : nss
CVE ID : CVE-2014-1568

Antoine Delignat-Lavaud...

[security bulletin] HPSBST03103 rev.1 - HP Storage EVA Command View Suite running OpenSSL, Remote Unauthorized Access, Disclosure of Information

September 25, 2014 - 7:04am

Posted by security-alert on Sep 25

Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04425253

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04425253
Version: 1

HPSBST03103 rev.1 - HP Storage EVA Command View Suite running OpenSSL, Remote
Unauthorized Access, Disclosure of Information

NOTICE: The information in this Security Bulletin should be acted upon as
soon as...

Re: [FD] Strength and Weakness of Methods to Confirm SSH Host Key

September 25, 2014 - 6:55am

Posted by Gunnar Wolf on Sep 25

John Leo said [Mon, Sep 22, 2014 at 03:51:57PM +0800]:

The "vote counting" goes against knowing whether the signing key is
valid or not. When you are asserting the identity of a site you
control, or a site you trust, this would only become a *second* chain
of trust, if I understand you right. And, of course, the signer
*should* be the same as the site operator!

A PKI is just the same as the vote counting you mention for OpenPGP,
but...

[ MDVSA-2014:186 ] bash

September 25, 2014 - 6:48am

Posted by security on Sep 25

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2014:186
http://www.mandriva.com/en/support/security/
_______________________________________________________________________

Package : bash
Date : September 24, 2014
Affected: Business Server 1.0
_______________________________________________________________________

Problem Description:

A flaw...

Cisco Security Advisory: Cisco IOS Software Session Initiation Protocol Denial of Service Vulnerability

September 25, 2014 - 6:37am

Posted by Cisco Systems Product Security Incident Response Team on Sep 25

Cisco IOS Software Session Initiation Protocol Denial of Service Vulnerability

Advisory ID: cisco-sa-20140924-sip

Revision 1.0

For Public Release 2014 September 24 16:00 UTC (GMT)

Summary
+======

A vulnerability in the Session Initiation Protocol (SIP) implementation in Cisco IOS Software and Cisco IOS XE Software
could allow an unauthenticated, remote attacker to cause a reload of an affected device. To exploit this vulnerability,...

Cisco Security Advisory: Multiple Vulnerabilities in Cisco IOS Software Multicast Domain Name System

September 25, 2014 - 6:29am

Posted by Cisco Systems Product Security Incident Response Team on Sep 25

Multiple Vulnerabilities in Cisco IOS Software Multicast Domain Name System

Advisory ID: cisco-sa-20140924-mdns

Revision 1.0

For Public Release 2014 September 24 16:00 UTC (GMT)

Summary
+======

The Cisco IOS Software implementation of the multicast Domain Name System (mDNS) feature contains the following
vulnerabilities when processing mDNS packets that could allow an unauthenticated, remote attacker to cause a denial of
service (DoS)...

Cisco Security Advisory: Cisco IOS Software Network Address Translation Denial of Service Vulnerability

September 25, 2014 - 6:19am

Posted by Cisco Systems Product Security Incident Response Team on Sep 25

Cisco IOS Software Network Address Translation Denial of Service Vulnerability

Advisory ID: cisco-sa-20140924-nat

Revision 1.0

For Public Release 2014 September 24 16:00 UTC (GMT)

Summary
+======

A vulnerability in the Network Address Translation (NAT) feature of Cisco IOS Software could allow an unauthenticated,
remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to
improper...

Cisco Security Advisory: Cisco IOS Software DHCP Version 6 Denial of Service Vulnerability

September 25, 2014 - 6:09am

Posted by Cisco Systems Product Security Incident Response Team on Sep 25

Cisco IOS Software DHCP Version 6 Denial of Service Vulnerability

Advisory ID: cisco-sa-20140924-dhcpv6

Revision 1.0

For Public Release 2014 September 24 16:00 UTC (GMT)

Summary
+======

A vulnerability in the DHCP version 6 (DHCPv6) server implementation of Cisco IOS Software and Cisco IOS XE Software
could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition.

The vulnerability is due to improper parsing...

Cisco Security Advisory: Cisco IOS Software Metadata Vulnerabilities

September 25, 2014 - 5:59am

Posted by Cisco Systems Product Security Incident Response Team on Sep 25

Cisco IOS Software Metadata Vulnerabilities

Advisory ID: cisco-sa-20140924-metadata

Revision 1.0

For Public Release 2014 September 24 16:00 UTC (GMT)

Summary
+======

Two vulnerabilities in the metadata flow feature of Cisco IOS Software could allow an unauthenticated, remote attacker
to reload a vulnerable device.

The vulnerabilities are due to improper handling of transit RSVP packets that need to be processed by the metadata...

Cisco Security Advisory: Cisco IOS Software RSVP Vulnerability

September 25, 2014 - 5:50am

Posted by Cisco Systems Product Security Incident Response Team on Sep 25

Cisco IOS Software RSVP Vulnerability

Advisory ID: cisco-sa-20140924-rsvp

Revision 1.0

For Public Release 2014 September 24 16:00 UTC (GMT)

Summary
+======

A vulnerability in the implementation of the Resource Reservation Protocol (RSVP) in Cisco IOS Software and Cisco IOS
XE Software could allow an unauthenticated, remote attacker to cause the device to reload. This vulnerability could be
exploited repeatedly to cause an extended denial of...

[ MDVSA-2014:184 ] net-snmp

September 25, 2014 - 5:42am

Posted by security on Sep 25

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2014:184
http://www.mandriva.com/en/support/security/
_______________________________________________________________________

Package : net-snmp
Date : September 24, 2014
Affected: Business Server 1.0
_______________________________________________________________________

Problem Description:...

[ MDVSA-2014:183 ] phpmyadmin

September 25, 2014 - 5:34am

Posted by security on Sep 25

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2014:183
http://www.mandriva.com/en/support/security/
_______________________________________________________________________

Package : phpmyadmin
Date : September 24, 2014
Affected: Business Server 1.0
_______________________________________________________________________

Problem Description:...