Feed aggregator

Bugtraq: APPLE-SA-2016-07-18-2 iOS 9.3.3

APPLE-SA-2016-07-18-2 iOS 9.3.3

Bugtraq: APPLE-SA-2016-07-18-1 OS X El Capitan v10.11.6 and Security Update 2016-004

APPLE-SA-2016-07-18-1 OS X El Capitan v10.11.6 and Security Update 2016-004

Executable installers are vulnerable^WEVIL (case 35): eclipse-inst-win*.exe vulnerable to DLL and EXE hijacking

BugTraq Latest Security Advisories - July 19, 2016 - 2:51pm

Posted by Stefan Kanthak on Jul 19

Hi @ll,

eclipse-inst-win32.exe (and of course eclipse-inst-win64.exe
too) loads and executes multiple DLLs (in version 4.5 also
CMD.EXE) from its "application directory".

* version 4.5 ("Mars") on Windows 7:
UXTheme.dll, WindowsCodecs.dll, AppHelp.dll, SrvCli.dll,
Slc.dll, NTMarta.dll, ProfAPI.dll, SAMLib.dll

* version 4.6 ("Neon") on Windows 7:
IEFrame.dll, Version.dll

* version 4.5 on Windows XP:...

Django CMS v3.3.0 - (Editor Snippet) Persistent Web Vulnerability (CVE-2016-6186)

BugTraq Latest Security Advisories - July 19, 2016 - 2:43pm

Posted by Vulnerability Lab on Jul 19

Document Title:
===============
Django CMS v3.3.0 - (Editor Snippet) Persistent Web Vulnerability (CVE-2016-6186)

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1869

Security Release: https://www.djangoproject.com/weblog/2016/jul/18/security-releases/

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-6186

CVE-ID:
=======
CVE-2016-6186

Release Date:
=============
2016-07-19

Vulnerability...

APPLE-SA-2016-07-18-6 iTunes 12.4.2

BugTraq Latest Security Advisories - July 19, 2016 - 2:33pm

Posted by Apple Product Security on Jul 19

APPLE-SA-2016-07-18-6 iTunes 12.4.2

iTunes 12.4.2 for Windows is now available and addresses the following:

libxml2
Impact: Multiple vulnerabilities in libxml2
Description: Multiple memory corruption issues were addressed
through improved memory handling.
CVE-2016-1836 : Wei Lei and Liu Yang of Nanyang Technological
University
CVE-2016-4447 : Wei Lei and Liu Yang of Nanyang Technological
University
CVE-2016-4448 : Apple
CVE-2016-4483 :...

APPLE-SA-2016-07-18-5 Safari 9.1.2

BugTraq Latest Security Advisories - July 19, 2016 - 2:24pm

Posted by Apple Product Security on Jul 19

APPLE-SA-2016-07-18-5 Safari 9.1.2

Safari 9.1.2 is now available and addresses the following:

WebKit
Available for: OS X El Capitan v10.11.6
Impact: Visiting a malicious website may disclose image data from
another website
Description: A timing issue existed in the processing of SVG. This
issue was addressed through improved validation.
CVE-2016-4583 : Roeland Krak

WebKit
Available for: OS X El Capitan v10.11.6
Impact: Visiting a...

APPLE-SA-2016-07-18-4 tvOS 9.2.2

BugTraq Latest Security Advisories - July 19, 2016 - 1:59pm

Posted by Apple Product Security on Jul 19

APPLE-SA-2016-07-18-4 tvOS 9.2.2

tvOS 9.2.2 is now available and addresses the following:

CoreGraphics
Available for: Apple TV (4th generation)
Impact: A remote attacker may be able to execute arbitrary code
Description: A memory corruption issue was addressed through
improved memory handling.
CVE-2016-4637 : Tyler Bohan of Cisco Talos
(talosintel.com/vulnerability-reports)

ImageIO
Available for: Apple TV (4th generation)
Impact: A...

APPLE-SA-2016-07-18-3 watchOS 2.2.2

BugTraq Latest Security Advisories - July 19, 2016 - 1:29pm

Posted by Apple Product Security on Jul 19

APPLE-SA-2016-07-18-3 watchOS 2.2.2

watchOS 2.2.2 is now available and addresses the following:

CoreGraphics
Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition,
and Apple Watch Hermes
Impact: A remote attacker may be able to execute arbitrary code
Description: A memory corruption issue was addressed through
improved memory handling.
CVE-2016-4637 : Tyler Bohan of Cisco Talos
(talosintel.com/vulnerability-reports)

ImageIO...

APPLE-SA-2016-07-18-2 iOS 9.3.3

BugTraq Latest Security Advisories - July 19, 2016 - 1:19pm

Posted by Apple Product Security on Jul 19

APPLE-SA-2016-07-18-2 iOS 9.3.3

iOS 9.3.3 is now available and addresses the following:

Calendar
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A maliciously crafted calendar invite may cause a device to
unexpectedly restart
Description: A null pointer dereference was addressed through
improved memory handling.
CVE-2016-4605 : Henry Feldman MD at Beth Israel Deaconess Medical
Center...

APPLE-SA-2016-07-18-1 OS X El Capitan v10.11.6 and Security Update 2016-004

BugTraq Latest Security Advisories - July 19, 2016 - 1:09pm

Posted by Apple Product Security on Jul 19

APPLE-SA-2016-07-18-1 OS X El Capitan v10.11.6 and Security Update
2016-004

OS X El Capitan v10.11.6 and Security Update 2016-004 is now
available and addresses the following:

apache_mod_php
Available for:
OS X Yosemite v10.10.5 and OS X El Capitan v10.11 and later
Impact: A remote attacker may be able to execute arbitrary code
Description: Multiple issues existed in PHP versions prior to
5.5.36. These were addressed by updating PHP to...

Bugtraq: [CVE-2016-1281] NOT FIXED: VeraCrypt*Setup*.exe still vulnerable to DLL hijacking

[CVE-2016-1281] NOT FIXED: VeraCrypt*Setup*.exe still vulnerable to DLL hijacking

Bugtraq: [SECURITY] [DSA 3621-1] mysql-connector-java security update

[SECURITY] [DSA 3621-1] mysql-connector-java security update

Bugtraq: [Remote Format String Exploit] Axis Communications MPQT/PACS Server Side Include (SSI) Daemon

[Remote Format String Exploit] Axis Communications MPQT/PACS Server Side Include (SSI) Daemon

Bugtraq: Multiple vulns in Vodafone EasyBox 804

Multiple vulns in Vodafone EasyBox 804

[SECURITY] [DSA 3622-1] python-django security update

BugTraq Latest Security Advisories - July 19, 2016 - 12:58pm

Posted by Salvatore Bonaccorso on Jul 19

-------------------------------------------------------------------------
Debian Security Advisory DSA-3622-1 security () debian org
https://www.debian.org/security/ Salvatore Bonaccorso
July 18, 2016 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : python-django
CVE ID : CVE-2016-6186

It was...

next-20160719: linux-next

Linux Kernel Updates - July 19, 2016 - 1:40am
Version: next-20160719 (linux-next) Released: 2016-07-19

[CVE-2016-1281] NOT FIXED: VeraCrypt*Setup*.exe still vulnerable to DLL hijacking

BugTraq Latest Security Advisories - July 18, 2016 - 12:18pm

Posted by Stefan Kanthak on Jul 18

Hi @ll,

this is basically a followup to <http://seclists.org/oss-sec/2016/q1/58>

CVE-2016-1281 is NOT FIXED!

I've retested the current "VeraCrypt Setup 1.17.exe" on a fully
patched Windows 7, and it is STILL (or AGAIN) vulnerable there.

The following DLLs are loaded from the "application directory"
and their DllMain() executed: VSSAPI.dll, ATL.dll, VSSTrace.dll.

See <...

[SECURITY] [DSA 3621-1] mysql-connector-java security update

BugTraq Latest Security Advisories - July 18, 2016 - 12:06pm

Posted by Salvatore Bonaccorso on Jul 18

-------------------------------------------------------------------------
Debian Security Advisory DSA-3621-1 security () debian org
https://www.debian.org/security/ Salvatore Bonaccorso
July 18, 2016 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : mysql-connector-java
CVE ID : CVE-2015-2575

A...

Bugtraq: [SECURITY] [DSA 3620-1] pidgin security update

Security Focus Latest Security Advisories - July 18, 2016 - 11:00am
[SECURITY] [DSA 3620-1] pidgin security update

Bugtraq: [SECURITY] [DSA 3619-1] libgd2 security update

Security Focus Latest Security Advisories - July 18, 2016 - 11:00am
[SECURITY] [DSA 3619-1] libgd2 security update