Feed aggregator

Bugtraq: [SECURITY] [DSA 3464-1] rails security update

Security Focus Latest Security Advisories - February 2, 2016 - 1:00pm
[SECURITY] [DSA 3464-1] rails security update
Categories:

A tale of openssl_seal(), PHP and Apache2handle

BugTraq Latest Security Advisories - February 2, 2016 - 8:29am

Posted by s3810 on Feb 02

Hey folks,

The openssl_seal() [4] is prone to use uninitialized memory that can be
turned into a code execution. This document describes technical details of
our journey to hijack apache2 requests.

What the heck is openssl_seal()?

[...]
int openssl_seal ( string $data , string &$sealed_data , array &$env_keys , array $pub_key_ids [,
string $method = "RC4" ] )

openssl_seal() seals (encrypts) data by using the given...
Categories:

Bugtraq: [SECURITY] [DSA 3463-1] prosody security update

Security Focus Latest Security Advisories - February 2, 2016 - 1:00am
[SECURITY] [DSA 3463-1] prosody security update
Categories:

WebKitGTK+ Security Advisory WSA-2016-0001

BugTraq Latest Security Advisories - February 2, 2016 - 12:33am

Posted by Carlos Alberto Lopez Perez on Feb 01

------------------------------------------------------------------------
WebKitGTK+ Security Advisory WSA-2016-0001
------------------------------------------------------------------------

Date reported : February 01, 2016
Advisory ID : WSA-2016-0001
Advisory URL : http://webkitgtk.org/security/WSA-2016-0001.html
CVE identifiers : CVE-2015-7096, CVE-2015-7098.

Several vulnerabilities were...
Categories:

Vuln: Oracle Java SE CVE-2015-4902 Remote Security Vulnerability

Security Focus Latest Security Advisories - February 2, 2016 - 12:00am
Oracle Java SE CVE-2015-4902 Remote Security Vulnerability
Categories:

Vuln: Oracle Java SE CVE-2015-4806 Remote Security Vulnerability

Security Focus Latest Security Advisories - February 2, 2016 - 12:00am
Oracle Java SE CVE-2015-4806 Remote Security Vulnerability
Categories:

Vuln: Oracle Java SE CVE-2015-4805 Remote Security Vulnerability

Security Focus Latest Security Advisories - February 2, 2016 - 12:00am
Oracle Java SE CVE-2015-4805 Remote Security Vulnerability
Categories:

next-20160202: linux-next

Linux Kernel Updates - February 1, 2016 - 11:11pm
Version:next-20160202 (linux-next) Released:2016-02-02