BugTraq Latest Security Advisories

The premier general security mailing list. Vulnerabilities are often announced here first, so check frequently!

Dreammail 5 mail client XSS Vulnerability

July 22, 2016 - 1:28am

Posted by wwiinngd on Jul 21

Title: Dreammail 5 mail client XSS Vulnerability
Software : Dreammail
Software Version : v5.16
Vendor : www.dreammail.org
Vulnerability Published : 2016-03-21
Author : zhenwei_qi
Email : wwiinngd () gmail com
Impact : Medium (CVSS2 Base : 4.3, AV:N/AC:M/Au:N/C:N/I:P/A:N)

Bug Description :
DreamMail is an email client application, which allows its users to send, receive, and
manage emails.
Dreammail (ver 5.16) may be compromised by...

[slackware-security] gimp (SSA:2016-203-01)

July 22, 2016 - 1:15am

Posted by Slackware Security Team on Jul 21

[slackware-security] gimp (SSA:2016-203-01)

New gimp packages are available for Slackware 14.0, 14.1, 14.2, and -current to
fix a security issue.

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages/gimp-2.8.18-i586-1_slack14.2.txz: Upgraded.
This release fixes a security issue:
Use-after-free vulnerability in the xcf_load_image function in
app/xcf/xcf-load.c in GIMP allows remote...

[slackware-security] php (SSA:2016-203-02)

July 22, 2016 - 1:05am

Posted by Slackware Security Team on Jul 21

[slackware-security] php (SSA:2016-203-02)

New php packages are available for Slackware 14.0, 14.1, 14.2, and -current to
fix security issues.

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages/php-5.6.24-i586-1_slack14.2.txz: Upgraded.
This release fixes bugs and security issues.
For more information, see:
http://php.net/ChangeLog-5.php#5.6.24...

[security bulletin] HPSBGN03631 rev.1 - HPE IceWall Identity Manager and HPE IceWall SSO Password Reset Option running Apache Commons FileUpload, Remote Denial of Service (DoS)

July 22, 2016 - 12:55am

Posted by security-alert on Jul 21

Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05204371

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c05204371
Version: 1

HPSBGN03631 rev.1 - HPE IceWall Identity Manager and HPE IceWall SSO Password
Reset Option running Apache Commons FileUpload, Remote Denial of Service
(DoS)

NOTICE: The information in this Security Bulletin...

MySQL zero-day vulnerabilities (July 2016 CPU)

July 22, 2016 - 12:48am

Posted by lem . nikolas on Jul 21

MySQL is the most popular and most widely used database in the world. MySQL customers include NASA, US Navy, Google,
Facebook, Twitter just to cite a few.

In partnership with Oracle Inc. we have worked delicately to enhance the security of the open-source product, and to
identify and mitigate those vulnerabilities.

Sincere thanks to Oracle Inc for the prompt response and adequate mitigation to the issues.

You can get a copy of the report...

[SECURITY] [DSA 3624-1] mysql-5.5 security update

July 22, 2016 - 12:36am

Posted by Salvatore Bonaccorso on Jul 21

-------------------------------------------------------------------------
Debian Security Advisory DSA-3624-1 security () debian org
https://www.debian.org/security/ Salvatore Bonaccorso
July 21, 2016 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : mysql-5.5
CVE ID : CVE-2016-3477 CVE-2016-3521...

Cisco Security Advisory: Vulnerability in Objective Systems ASN1C Compiler Affecting Cisco Products

July 22, 2016 - 12:24am

Posted by Cisco Systems Product Security Incident Response Team on Jul 21

Cisco Security Advisory: Vulnerability in Objective Systems ASN1C Compiler Affecting Cisco Products

Advisory ID: cisco-sa-20160721-asn1c

Revision: 1.0

For Public Release: 2016 July 21 19:00 GMT

+---------------------------------------------------------------------

Summary
=======

A vulnerability in the ASN1C compiler by Objective Systems affects Cisco ASR 5000 devices running StarOS and Cisco
Virtualized Packet Core (VPC) systems. The...

CVE-2016-5399: php: out-of-bounds write in bzread()

July 21, 2016 - 1:29am

Posted by Hans Jerry Illikainen on Jul 20

PHP 7.0.8, 5.6.23 and 5.5.37 do not perform adequate error handling in
their `bzread()' function:

php-7.0.8/ext/bz2/bz2.c
,----
| 364 static PHP_FUNCTION(bzread)
| 365 {
| ...
| 382 ZSTR_LEN(data) = php_stream_read(stream, ZSTR_VAL(data), ZSTR_LEN(data));
| 383 ZSTR_VAL(data)[ZSTR_LEN(data)] = '\0';
| 384
| 385 RETURN_NEW_STR(data);
| 386 }
`----

php-7.0.8/ext/bz2/bz2.c
,----
| 210 php_stream_ops php_stream_bz2io_ops...