Feed aggregator

Bugtraq: [SECURITY] [DSA 3625-1] squid3 security update


Bugtraq: Dreammail 5 mail client XSS Vulnerability


Bugtraq: [slackware-security] php (SSA:2016-203-02)


Bugtraq: [slackware-security] gimp (SSA:2016-203-01)


[slackware-security] bind (SSA:2016-204-01)

BugTraq Latest Security Advisories - July 25, 2016 - 2:53am

Posted by Slackware Security Team on Jul 25

[slackware-security] bind (SSA:2016-204-01)

New bind packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1,
14.2, and -current to fix a security issue.

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages/bind-9.10.4_P2-i586-1_slack14.2.txz: Upgraded.
Fixed a security issue:
getrrsetbyname with a non absolute name could trigger an infinite
recursion bug in lwresd and named...

CA20160721-01: Security Notice for CA eHealth

BugTraq Latest Security Advisories - July 25, 2016 - 2:44am

Posted by Kotas, Kevin J on Jul 25

CA20160721-01: Security Notice for CA eHealth

Issued: 2016-07-21
Last Updated: 2016-07-21

CA Technologies Support is alerting customers to multiple potential risks
with CA eHealth. Two vulnerabilities exist in the web interface,
CVE-2016-6151 and CVE-2016-6152, that can allow a remote
authenticated attacker to cause a denial of service condition or possibly
execute arbitrary commands. CA Technologies assigned a High risk rating
to these...

[CVE-2016-5000] XML External Entity (XXE) Vulnerability in Apache POI's XLSX2CSV Example

BugTraq Latest Security Advisories - July 25, 2016 - 2:34am

Posted by Tim Allison on Jul 25

CVE-2016-5000: XML External Entity (XXE) Vulnerability in Apache POI's XLSX2CSV Example

Severity: Important

Vendor: The Apache Software Foundation

Versions Affected: POI 3.5-3.13

Description:

Apache POI's XLSX2CSV example uses Java's XML components to parse OpenXML files. Applications and users that use
XLSX2CSV and accept such files from end-users are vulnerable to XML External Entity (XXE) attacks, which allow remote...

MySQL zero-day vulnerabilities (July 2016 CPU)

BugTraq Latest Security Advisories - July 25, 2016 - 2:25am

Posted by lem . nikolas on Jul 25

MySQL is the most popular and most widely used database in the world. MySQL customers include NASA, US Navy, Google,
Facebook, Twitter just to cite a few.

In partnership with Oracle Inc. we have worked delicately to enhance the security of the open-source product, and to
identify and mitigate those vulnerabilities.

Sincere thanks to Oracle Inc for the prompt response and adequate mitigation to the issues.

You can get a copy of the report...

next-20160725: linux-next

Linux Kernel Updates - July 25, 2016 - 1:14am
Version: next-20160725 (linux-next), Released: 2016-07-25

Vuln: Google Chrome Prior to 52.0.2743.82 Multiple Security Vulnerabilities

Security Focus Latest Security Advisories - July 24, 2016 - 11:00pm

Vuln: PHP 'zip_stream.c' Integer Overflow Vulnerability

Security Focus Latest Security Advisories - July 24, 2016 - 11:00pm

Vuln: PHP '/xmlrpc/libxmlrpc/simplestring.c' Heap Buffer Overflow Vulnerability

Security Focus Latest Security Advisories - July 24, 2016 - 11:00pm

Vuln: PHP 'snmp.c' Denial of Service Vulnerability

Security Focus Latest Security Advisories - July 24, 2016 - 11:00pm

4.7: mainline

Linux Kernel Updates - July 24, 2016 - 2:24pm
Version: 4.7 (mainline), Released: 2016-07-24, Source: linux-4.7.tar.xz, PGP Signature: linux-4.7.tar.sign, Patch: patch-4.7.xz

next-20160724: linux-next

Linux Kernel Updates - July 24, 2016 - 3:17am
Version: next-20160724 (linux-next), Released: 2016-07-24