Feed aggregator

CVE-2016-3078: php: integer overflow in ZipArchive::getFrom*

BugTraq Latest Security Advisories - April 28, 2016 - 7:35am

Posted by Hans Jerry Illikainen on Apr 28

Details
=======

An integer wrap may occur in PHP 7.x before version 7.0.6 when reading
zip files with the getFromIndex() and getFromName() methods of
ZipArchive, resulting in a heap overflow.

php-7.0.5/ext/zip/php_zip.c
,----
| 2679 static void php_zip_get_from(INTERNAL_FUNCTION_PARAMETERS, int type) /* {{{ */
| 2680 {
| ....
| 2684 struct zip_stat sb;
| ....
| 2689 zend_long len = 0;
| ....
| 2692 zend_string *buffer;
| ....
| 2702...
Categories:

next-20160428: linux-next

Linux Kernel Updates - April 28, 2016 - 1:08am
Version:next-20160428 (linux-next) Released:2016-04-28

[SECURITY] [DSA 3560-1] php5 security update

BugTraq Latest Security Advisories - April 28, 2016 - 12:54am

Posted by Salvatore Bonaccorso on Apr 27

-------------------------------------------------------------------------
Debian Security Advisory DSA-3560-1 security () debian org
https://www.debian.org/security/ Salvatore Bonaccorso
April 27, 2016 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : php5
CVE ID : CVE-2015-8865 CVE-2016-4070...
Categories:

CVE-2015-5207 - Bypass of Access Restrictions in Apache Cordova iOS

BugTraq Latest Security Advisories - April 28, 2016 - 12:47am

Posted by Tony Homer on Apr 27

CVE-2015-5207 - Bypass of Access Restrictions in Apache Cordova iOS

Severity:
High

Vendor:
The Apache Software Foundation

Versions Affected:
cordova-ios 3.9.1 and below

Description:
Apache Cordova iOS contains 2 methods to bypass the URL access
restrictions provided by the whitelist. An attacker can use any of the
2 methods to load malicious resources in an app that uses a whitelist
to only load trusted resources.

Upgrade path:
Developers...
Categories:

Re: [ERPSCAN-16-005] SAP HANA hdbxsengine JSON – DoS vulnerability

BugTraq Latest Security Advisories - April 28, 2016 - 12:40am

Posted by Mahmut Firuz Dumlupinar - Vendor on Apr 27


Categories:

CVE-2015-5207 - Bypass of Access Restrictions in Apache Cordova iOS

BugTraq Latest Security Advisories - April 28, 2016 - 12:31am

Posted by Tony Homer on Apr 27

CVE-2015-5207 - Bypass of Access Restrictions in Apache Cordova iOS

Severity:
High

Vendor:
The Apache Software Foundation

Versions Affected:
cordova-ios 3.9.1 and below

Description:
Apache Cordova iOS contains 2 methods to bypass the URL access
restrictions provided by the whitelist. An attacker can use any of the
2 methods to load malicious resources in an app that uses a whitelist
to only load trusted resources.

Upgrade path:
Developers...
Categories:

CVE-2015-5208 - Arbitrary plugin execution issue in Apache Cordova iOS

BugTraq Latest Security Advisories - April 28, 2016 - 12:23am

Posted by Tony Homer on Apr 27

CVE-2015-5208 - Arbitrary plugin execution issue in Apache Cordova iOS

Severity:
High

Vendor:
The Apache Software Foundation

Versions Affected:
cordova-ios 3.9.1 and below

Description:
An arbitrary plugin can be executed when a user clicks on a link.

Upgrade path:
Developers who are concerned about this issue should install version
4.0.0 or higher of the cordova-ios platform.

Credit:
This issue was discovered by Muneaki Nishimura...
Categories:

Bugtraq: [SECURITY] [DSA 3559-1] iceweasel security update

Security Focus Latest Security Advisories - April 28, 2016 - 12:00am
[SECURITY] [DSA 3559-1] iceweasel security update
Categories:

Bugtraq: EMC M&R (Watch4net) lacks Cross-Site Request Forgery protection

Security Focus Latest Security Advisories - April 28, 2016 - 12:00am
EMC M&R (Watch4net) lacks Cross-Site Request Forgery protection
Categories:

Bugtraq: Oracle Discoverer Viewer BI - Open Redirect Vulnerability

Security Focus Latest Security Advisories - April 28, 2016 - 12:00am
Oracle Discoverer Viewer BI - Open Redirect Vulnerability
Categories:

Bugtraq: [slackware-security] mozilla-firefox (SSA:2016-117-01)

Security Focus Latest Security Advisories - April 28, 2016 - 12:00am
[slackware-security] mozilla-firefox (SSA:2016-117-01)
Categories:

Bugtraq: [SECURITY] [DSA 3558-1] openjdk-7 security update

Security Focus Latest Security Advisories - April 27, 2016 - 2:00pm
[SECURITY] [DSA 3558-1] openjdk-7 security update
Categories:

[SECURITY] [DSA 3559-1] iceweasel security update

BugTraq Latest Security Advisories - April 27, 2016 - 1:32pm

Posted by Moritz Muehlenhoff on Apr 27

-------------------------------------------------------------------------
Debian Security Advisory DSA-3559-1 security () debian org
https://www.debian.org/security/ Moritz Muehlenhoff
April 27, 2016 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : iceweasel
CVE ID : CVE-2016-2805 CVE-2016-2807...
Categories:

EMC M&R (Watch4net) lacks Cross-Site Request Forgery protection

BugTraq Latest Security Advisories - April 27, 2016 - 10:30am

Posted by Securify B.V. on Apr 27

------------------------------------------------------------------------
EMC M&R (Watch4net) lacks Cross-Site Request Forgery protection
------------------------------------------------------------------------
Han Sahin, November 2014

------------------------------------------------------------------------
Abstract
------------------------------------------------------------------------
It was discovered that EMC M&R (Watch4net) does not...
Categories:

Bugtraq: [SECURITY] [DSA 3557-1] mysql-5.5 security update

Security Focus Latest Security Advisories - April 27, 2016 - 9:00am
[SECURITY] [DSA 3557-1] mysql-5.5 security update
Categories:

Oracle Discoverer Viewer BI - Open Redirect Vulnerability

BugTraq Latest Security Advisories - April 27, 2016 - 7:55am

Posted by Vulnerability Lab on Apr 27

Document Title:
===============
Oracle Discoverer Viewer BI - Open Redirect Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1667

Oracle ID: S0666670

Release Date:
=============
2016-04-26

Vulnerability Laboratory ID (VL-ID):
====================================
1667

Common Vulnerability Scoring System:
====================================
2.8

Product & Service Introduction:...
Categories:

Bugtraq: Sophos XG Firewall (SF01V) - Persistent Web Vulnerability

Security Focus Latest Security Advisories - April 27, 2016 - 7:00am
Sophos XG Firewall (SF01V) - Persistent Web Vulnerability
Categories:

3.4.112: longterm

Linux Kernel Updates - April 27, 2016 - 5:55am
Version:3.4.112 (longterm) Released:2016-04-27 Source:linux-3.4.112.tar.xz PGP Signature:linux-3.4.112.tar.sign Patch:patch-3.4.112.xz (Incremental) ChangeLog:ChangeLog-3.4.112

3.12.59: longterm

Linux Kernel Updates - April 27, 2016 - 4:13am
Version:3.12.59 (longterm) Released:2016-04-27 Source:linux-3.12.59.tar.xz PGP Signature:linux-3.12.59.tar.sign Patch:patch-3.12.59.xz (Incremental) ChangeLog:ChangeLog-3.12.59

[slackware-security] mozilla-firefox (SSA:2016-117-01)

BugTraq Latest Security Advisories - April 27, 2016 - 3:31am

Posted by Slackware Security Team on Apr 27

[slackware-security] mozilla-firefox (SSA:2016-117-01)

New mozilla-firefox packages are available for Slackware 14.1 and -current to
fix security issues.

Here are the details from the Slackware 14.1 ChangeLog:
+--------------------------+
patches/packages/mozilla-firefox-38.8.0esr-i486-1_slack14.1.txz: Upgraded.
This release contains security fixes and improvements.
For more information, see:...
Categories: