BugTraq Latest Security Advisories

The premier general security mailing list. Vulnerabilities are often announced here first, so check frequently!

[security bulletin] HPESBHF03723 rev.1 - HPE Aruba ClearPass Policy Manager, using Apache Struts, Remote Code Execution

Posted by security-alert on Mar 29

Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03723en_us

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: hpesbhf03723en_us
Version: 1

HPESBHF03723 rev.1 - HPE Aruba ClearPass Policy Manager, using Apache Struts,
Remote Code Execution

NOTICE: The information in this Security Bulletin should be acted upon as
soon as possible.

Release Date:...

[security bulletin] HPESBUX03725 rev.1 - HPE HP-UX Web Server Suite running Apache, Multiple Vulnerabilities

Posted by security-alert on Mar 29

Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbux03725en_us

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: hpesbux03725en_us
Version: 1

HPESBUX03725 rev.1 - HPE HP-UX Web Server Suite running Apache, Multiple
Vulnerabilities

NOTICE: The information in this Security Bulletin should be acted upon as
soon as possible.

Release Date: 2017-03-29...

ESA-2017-013: RSA Archer® GRC Security Operations Management Sensitive Information Disclosure Vulnerability

March 29, 2017 - 2:40pm

Posted by EMC Product Security Response Center on Mar 29

EMC Identifier: ESA-2017-013: RSA Archer® GRC Security Operations Management Sensitive Information Disclosure
Vulnerability
CVE Identifier: CVE-2017-4977

Severity Rating: CVSS v3 Base Score: 5.0 (AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N)

Affected Products:
RSA Archer Security Operations Management with RSA Unified Collector Framework versions prior to 1.3.1.52

Summary:
RSA Archer Security Operations Management with RSA Unified Collector...

ESA-2017-028: EMC Isilon OneFS Path Traversal Vulnerability

March 29, 2017 - 2:33pm

Posted by EMC Product Security Response Center on Mar 29

ESA-2017-028: EMC Isilon OneFS Path Traversal Vulnerability

EMC Identifier: ESA-2017-028

CVE Identifier:
CVE-2017-4980

Severity Rating: CVSS v3 Base Score: 4.9 (AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N)

Affected products:

• EMC Isilon OneFS 8.0.0 - 8.0.0.1
• EMC Isilon OneFS 7.2.0 - 7.2.1.3
• EMC Isilon OneFS 7.1.0 - 7.1.1.10

Summary:
EMC Isilon OneFS is affected by a path traversal vulnerability that may potentially...

[SECURITY] [DSA 3824-1] firebird2.5 security update

March 29, 2017 - 1:42pm

Posted by Sebastien Delafond on Mar 29

-------------------------------------------------------------------------
Debian Security Advisory DSA-3824-1 security () debian org
https://www.debian.org/security/ Sebastien Delafond
March 29, 2017 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : firebird2.5
CVE ID : CVE-2017-6369
Debian Bug :...

[SECURITY] [DSA 3798-2] tnef regression update

March 29, 2017 - 7:30am

Posted by Sebastien Delafond on Mar 29

-------------------------------------------------------------------------
Debian Security Advisory DSA-3798-2 security () debian org
https://www.debian.org/security/ Sebastien Delafond
March 29, 2017 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : tnef
Debian Bug : 857342

DSA-3798-1 for tnef...

[slackware-security] mariadb (SSA:2017-087-01)

March 29, 2017 - 1:05am

Posted by Slackware Security Team on Mar 28

[slackware-security] mariadb (SSA:2017-087-01)

New mariadb packages are available for Slackware 14.2 and -current to
fix security issues.

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages/mariadb-10.0.30-i586-1_slack14.2.txz: Upgraded.
This update fixes security issues:
Crash in libmysqlclient.so.
Difficult to exploit vulnerability allows low privileged attacker with
logon to...

APPLE-SA-2017-03-28-1 iCloud for Windows 6.2

March 29, 2017 - 12:56am

Posted by Apple Product Security on Mar 28

APPLE-SA-2017-03-28-1 iCloud for Windows 6.2

iCloud for Windows 6.2 is now available and addresses the following:

APNs Server
Available for: Windows 7 and later
Impact: An attacker in a privileged network position can track a
user's activity
Description: A client certificate was sent in plaintext. This issue
was addressed through improved certificate handling.
CVE-2017-2383: Matthias Wachs and Quirin Scheitle of Technical
University...

[SECURITY] [DSA 3823-1] eject security update

March 28, 2017 - 11:39am

Posted by Salvatore Bonaccorso on Mar 28

-------------------------------------------------------------------------
Debian Security Advisory DSA-3823-1 security () debian org
https://www.debian.org/security/ Salvatore Bonaccorso
March 28, 2017 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : eject
CVE ID : CVE-2017-6964
Debian Bug :...

APPLE-SA-2017-03-27-7 macOS Server 5.3

March 28, 2017 - 12:20am

Posted by Apple Product Security on Mar 27

APPLE-SA-2017-03-27-7 macOS Server 5.3

macOS Server 5.3 is now available and addresses the following:

Profile Manager
Available for: macOS 10.12.4 and later
Impact: A remote user may be able to cause a denial-of-service
Description: A crafted request may cause a global cache to grow
indefinitely, leading to a denial-of-service. This was addressed by
not caching unknown MIME types.
CVE-2016-0751

Web Server
Available for: macOS 10.12.4 and...

[SECURITY] [DSA 3821-1] gst-plugins-ugly1.0 security update

March 27, 2017 - 11:57pm

Posted by Moritz Muehlenhoff on Mar 27

-------------------------------------------------------------------------
Debian Security Advisory DSA-3821-1 security () debian org
https://www.debian.org/security/ Moritz Muehlenhoff
March 27, 2017 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : gst-plugins-ugly1.0
CVE ID : CVE-2017-5846...

APPLE-SA-2017-03-27-1 Pages 6.1, Numbers 4.1, and Keynote 7.1 for Mac; Pages 3.1, Numbers 3.1, and Keynote 3.1 for iOS

March 27, 2017 - 2:19pm

Posted by Apple Product Security on Mar 27

APPLE-SA-2017-03-27-1 Pages 6.1, Numbers 4.1, and Keynote 7.1
for Mac; Pages 3.1, Numbers 3.1, and Keynote 3.1 for iOS are now
available and address the following:

Export
Available for: macOS 10.12 Sierra or later, iOS 10 or later
Impact: The contents of password-protected PDFs exported from iWork
may be exposed
Description: iWork used weak 40-bit RC4 encryption for password-
protected PDF exports. This issue was addressed by changing iWork...

[SECURITY] [DSA 3817-1] jbig2dec security update

March 27, 2017 - 12:31am

Posted by Moritz Muehlenhoff on Mar 26

-------------------------------------------------------------------------
Debian Security Advisory DSA-3817-1 security () debian org
https://www.debian.org/security/ Moritz Muehlenhoff
March 24, 2017 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : jbig2dec
CVE ID : CVE-2016-9601

Multiple security...

[SECURITY] [DSA 3816-1] samba security update

March 23, 2017 - 6:39am

Posted by Salvatore Bonaccorso on Mar 23

-------------------------------------------------------------------------
Debian Security Advisory DSA-3816-1 security () debian org
https://www.debian.org/security/ Salvatore Bonaccorso
March 23, 2017 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : samba
CVE ID : CVE-2017-2619

Jann Horn of Google...