Feed aggregator

Vuln: OpenSSH CVE-2016-3115 Remote Command Injection Vulnerability

Security Focus Latest Security Advisories - January 13, 2017 - 12:00am
OpenSSH CVE-2016-3115 Remote Command Injection Vulnerability

next-20170113: linux-next

Linux Kernel Updates - January 12, 2017 - 11:10pm
Version: next-20170113 (linux-next)
Released: 2017-01-13

ICMPv6 PTBs and IPv6 frag filtering (particularly at BGP peers)

BugTraq Latest Security Advisories - January 12, 2017 - 11:56am

Posted by Fernando Gont on Jan 12

Folks,

I'm curious about whether folks are filtering ICMPv6 PTB<1280
and/or IPv6 fragments targeted to BGP routers (off-list datapoints are
welcome).

In any case, you might find it worth reading to check if you're affected
(from Section 2 of recently-published RFC8021):

---- cut here ----
The security implications of IP fragmentation have been discussed at
length in [RFC6274] and [RFC7739]. An attacker can leverage the...

Bugtraq: [slackware-security] gnutls (SSA:2017-011-02)

Security Focus Latest Security Advisories - January 12, 2017 - 11:00am
[slackware-security] gnutls (SSA:2017-011-02)

[SECURITY] [DSA 3760-1] ikiwiki security update

BugTraq Latest Security Advisories - January 12, 2017 - 10:19am

Posted by Moritz Muehlenhoff on Jan 12

-------------------------------------------------------------------------
Debian Security Advisory DSA-3760-1 security () debian org
https://www.debian.org/security/ Moritz Muehlenhoff
January 12, 2017 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : ikiwiki
CVE ID : CVE-2016-9646 CVE-2016-10026...

Bugtraq: [slackware-security] bind (SSA:2017-011-01)

Security Focus Latest Security Advisories - January 12, 2017 - 9:00am
[slackware-security] bind (SSA:2017-011-01)

CVE-2017-5350: Unexpected SystemUI FC driven by arbitrary application

BugTraq Latest Security Advisories - January 12, 2017 - 7:24am

Posted by unlimitsec on Jan 12

Description of the potential vulnerability: Lack of appropriate exception handling in some applications allows attackers
to make a systemUI crash easily resulting in a possible DoS attack
Affected versions: L(5.0/5.1), M(6.0), and N(7.0)
Disclosure status: Privately disclosed.
The patch prevents systemUI crashes by handling unexpected exceptions.

Fix:
http://security.samsungmobile.com/smrupdate.html#SMR-JAN-2017
SVE-2016-7122: Unexpected...

Bugtraq: [SECURITY] [DSA 3758-1] bind9 security update

Security Focus Latest Security Advisories - January 12, 2017 - 7:00am
[SECURITY] [DSA 3758-1] bind9 security update

[slackware-security] bind (SSA:2017-011-01)

BugTraq Latest Security Advisories - January 12, 2017 - 6:20am

Posted by Slackware Security Team on Jan 12

[slackware-security] bind (SSA:2017-011-01)

New bind packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1,
14.2, and -current to fix a security issue.

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages/bind-9.10.4_P5-i586-1_slack14.2.txz: Upgraded.
This update fixes a denial-of-service vulnerability. An error in handling
certain queries can cause an assertion failure when a...

[slackware-security] gnutls (SSA:2017-011-02)

BugTraq Latest Security Advisories - January 12, 2017 - 6:10am

Posted by Slackware Security Team on Jan 12

[slackware-security] gnutls (SSA:2017-011-02)

New gnutls packages are available for Slackware 14.0, 14.1, 14.2, and -current
to fix security issues.

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages/gnutls-3.5.8-i586-1_slack14.2.txz: Upgraded.
This update fixes some bugs and security issues.
For more information, see:
https://gnutls.org/security.html#GNUTLS-SA-2017-1...

4.9.3: stable

Linux Kernel Updates - January 12, 2017 - 5:41am
Version: 4.9.3 (stable)
Released: 2017-01-12
Source: linux-4.9.3.tar.xz
PGP Signature: linux-4.9.3.tar.sign
Patch: patch-4.9.3.xz (Incremental)
ChangeLog: ChangeLog-4.9.3

4.4.42: longterm

Linux Kernel Updates - January 12, 2017 - 5:23am
Version: 4.4.42 (longterm)
Released: 2017-01-12
Source: linux-4.4.42.tar.xz
PGP Signature: linux-4.4.42.tar.sign
Patch: patch-4.4.42.xz (Incremental)
ChangeLog: ChangeLog-4.4.42

Bugtraq: Multiple Vulnerabilities in cPanel

Security Focus Latest Security Advisories - January 12, 2017 - 5:00am
Multiple Vulnerabilities in cPanel

Bugtraq: IKEv1 cipher suite configuration mismatch in Siemens SIMATIC CP 343-1 Advanced

Security Focus Latest Security Advisories - January 12, 2017 - 5:00am
IKEv1 cipher suite configuration mismatch in Siemens SIMATIC CP 343-1 Advanced

CA20170109-01: Security Notice for CA Service Desk Manager

BugTraq Latest Security Advisories - January 12, 2017 - 12:24am

Posted by Kotas, Kevin J on Jan 11

CA20170109-01: Security Notice for CA Service Desk Manager

Issued: January 10, 2017
Last Updated: January 10, 2017

CA Technologies support is alerting customers to a potential risk
with CA Service Desk Manager. A vulnerability exists in RESTful
web services that can potentially allow a remote authenticated
attacker to view or modify sensitive information. Fixes are
available.

The vulnerability, CVE-2016-10086, is due to incorrect permissions...

[SECURITY] [DSA 3758-1] bind9 security update

BugTraq Latest Security Advisories - January 12, 2017 - 12:14am

Posted by Florian Weimer on Jan 11

-------------------------------------------------------------------------
Debian Security Advisory DSA-3758-1 security () debian org
https://www.debian.org/security/ Florian Weimer
January 11, 2017 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : bind9
CVE ID : CVE-2016-9131 CVE-2016-9147...

Multiple Vulnerabilities in cPanel

BugTraq Latest Security Advisories - January 12, 2017 - 12:04am

Posted by Open Security on Jan 11

===[ Introduction ]===

cPanel offers web hosting software that automates the intricate workings
of web hosting servers.
cPanel equips server administrators with the necessary tools to provide
top-notch hosting to customers on tens of thousands of servers worldwide.

===[ Description ]===

I) Cross Domain Scripting :
A local user can run JavaScript code in other user's domain and access
cookies and compromise the victim website.
POC : User...

Vuln: Juniper Junos CVE-2017-2300 Denial of Service Vulnerability

Security Focus Latest Security Advisories - January 12, 2017 - 12:00am
Juniper Junos CVE-2017-2300 Denial of Service Vulnerability

Vuln: LXC CVE-2016-10124 Security Bypass Vulnerability

Security Focus Latest Security Advisories - January 12, 2017 - 12:00am
LXC CVE-2016-10124 Security Bypass Vulnerability

Vuln: WordPress Prior to 4.7.1 Cross Site Request Forgery Vulnerability

Security Focus Latest Security Advisories - January 12, 2017 - 12:00am
WordPress Prior to 4.7.1 Cross Site Request Forgery Vulnerability