Feed aggregator

iTunes 12.0.1 for Windows: still COMPLETELY outdated and VULNERABLE 3rd party libraries

BugTraq Latest Security Advisories - October 27, 2014 - 9:04am

Posted by Stefan Kanthak on Oct 27

Hi @ll,

the just released iTunes 12.0.1 for Windows still (cf.
<http://seclists.org/fulldisclosure/2014/Jul/30>) comes
with COMPLETELY outdated and VULNERABLE 3rd party libraries
(as part of AppleMobileDeviceSupport.msi):

* libeay32.dll and ssleay32.dll 0.9.8d

are more than SEVEN years old and have at least 27 unfixed CVEs!

* libcurl.dll 7.16.2

is more than SEVEN years old and has at least 18 unfixed CVEs!
the current version...

Bugtraq: [ MDVSA-2014:209 ] java-1.7.0-openjdk

Security Focus Latest Security Advisories - October 27, 2014 - 9:00am
[ MDVSA-2014:209 ] java-1.7.0-openjdk

Bugtraq: [ MDVSA-2014:208 ] phpmyadmin

Security Focus Latest Security Advisories - October 27, 2014 - 9:00am
[ MDVSA-2014:208 ] phpmyadmin

Bugtraq: [ MDVSA-2014:207 ] ejabberd

Security Focus Latest Security Advisories - October 27, 2014 - 9:00am
[ MDVSA-2014:207 ] ejabberd

Bugtraq: [ MDVSA-2014:206 ] ctags

Security Focus Latest Security Advisories - October 27, 2014 - 9:00am
[ MDVSA-2014:206 ] ctags

Still beginner's errors (and outdated 3rd party components) in QuickTime 7.7.6 and iTunes 12.0.1

BugTraq Latest Security Advisories - October 27, 2014 - 8:55am

Posted by Stefan Kanthak on Oct 27

Hi @ll,

the just released QuickTime 7.7.6 and iTunes 12.0.1 for Windows still
have quite some of the beginner's errors I documented in
<http://seclists.org/fulldisclosure/2014/Aug/33> and
<http://seclists.org/fulldisclosure/2014/Aug/44>

QuickTime 7.7.6:

[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\Media\QuickTime\shell\open\command]
@="C:\\Program Files\\QuickTime\\QuickTimePlayer.exe"

iTunes 12.0.1:...

next-20141027: linux-next

Linux Kernel Updates - October 27, 2014 - 12:08am
Version: next-20141027 (linux-next) Released: 2014-10-27

Vuln: MIT Kerberos 5 'setup_server_realm()' Function CVE-2013-1418 Remote Denial of Service Vulnerability

Security Focus Latest Security Advisories - October 26, 2014 - 11:00pm
MIT Kerberos 5 'setup_server_realm()' Function CVE-2013-1418 Remote Denial of Service Vulnerability

Vuln: MIT Kerberos 5 CVE-2013-6800 Remote Denial of Service Vulnerability

Security Focus Latest Security Advisories - October 26, 2014 - 11:00pm
MIT Kerberos 5 CVE-2013-6800 Remote Denial of Service Vulnerability

Vuln: MIT Kerberos 5 CVE-2014-4341 Remote Denial of Service Vulnerability

Security Focus Latest Security Advisories - October 26, 2014 - 11:00pm
MIT Kerberos 5 CVE-2014-4341 Remote Denial of Service Vulnerability

Vuln: binutils Remote Denial of Service Vulnerability

Security Focus Latest Security Advisories - October 26, 2014 - 11:00pm
binutils Remote Denial of Service Vulnerability

Vuln: CKEditor Preview Plugin CVE-2014-5191 Unspecified Cross Site Scripting Vulnerability

Security Focus Latest Security Advisories - October 26, 2014 - 11:00pm
CKEditor Preview Plugin CVE-2014-5191 Unspecified Cross Site Scripting Vulnerability

Vuln: Oberhumer LZO CVE-2014-4607 Multiple Memory Corruption Vulnerabilities

Security Focus Latest Security Advisories - October 26, 2014 - 11:00pm
Oberhumer LZO CVE-2014-4607 Multiple Memory Corruption Vulnerabilities

Vuln: PHP FPM 'php-fpm.conf.in' Local Privilege Escalation Vulnerability

Security Focus Latest Security Advisories - October 26, 2014 - 11:00pm
PHP FPM 'php-fpm.conf.in' Local Privilege Escalation Vulnerability

Vuln: GNU Libtasn1 CVE-2014-3468 Remote Code Execution Vulnerability

Security Focus Latest Security Advisories - October 26, 2014 - 11:00pm
GNU Libtasn1 CVE-2014-3468 Remote Code Execution Vulnerability

Vuln: GNU Libtasn1 CVE-2014-3467 Multiple Denial of Service Vulnerabilities

Security Focus Latest Security Advisories - October 26, 2014 - 11:00pm
GNU Libtasn1 CVE-2014-3467 Multiple Denial of Service Vulnerabilities

Vuln: GNU Libtasn1 'asn1_read_value_type()' Function Denial of Service Vulnerability

Security Focus Latest Security Advisories - October 26, 2014 - 11:00pm
GNU Libtasn1 'asn1_read_value_type()' Function Denial of Service Vulnerability

Vuln: Node.js qs Module Denial of Service Vulnerability

Security Focus Latest Security Advisories - October 26, 2014 - 11:00pm
Node.js qs Module Denial of Service Vulnerability

Vuln: systemd-shim Local Denial of Service Vulnerability

Security Focus Latest Security Advisories - October 26, 2014 - 11:00pm
systemd-shim Local Denial of Service Vulnerability

Vuln: Microsoft Windows CVE-2014-6352 OLE Remote Code Execution Vulnerability

Security Focus Latest Security Advisories - October 26, 2014 - 11:00pm
Microsoft Windows CVE-2014-6352 OLE Remote Code Execution Vulnerability