Feed aggregator

Bugtraq: Cisco Security Advisory: GNU Bash Environmental Variable Command Injection Vulnerability

Security Focus Latest Security Advisories - September 26, 2014 - 8:00am
Cisco Security Advisory: GNU Bash Environmental Variable Command Injection Vulnerability
Categories:

Bugtraq: [slackware-security] bash (rebuild for Slackware 13.0 only) (SSA:2014-268-02)

Security Focus Latest Security Advisories - September 26, 2014 - 8:00am
[slackware-security] bash (rebuild for Slackware 13.0 only) (SSA:2014-268-02)
Categories:

next-20140926: linux-next

Linux Kernel Updates - September 26, 2014 - 6:05am
Version:next-20140926 (linux-next) Released:2014-09-26

[ MDVSA-2014:190 ] bash

BugTraq Latest Security Advisories - September 26, 2014 - 5:41am

Posted by security on Sep 26

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2014:190
http://www.mandriva.com/en/support/security/
_______________________________________________________________________

Package : bash
Date : September 26, 2014
Affected: Business Server 1.0
_______________________________________________________________________

Problem Description:

It was...
Categories:

[slackware-security] bash (SSA:2014-268-01)

BugTraq Latest Security Advisories - September 26, 2014 - 5:33am

Posted by Slackware Security Team on Sep 26

[slackware-security] bash (SSA:2014-268-01)

New bash packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1,
and -current to fix a security issue.

Here are the details from the Slackware 14.1 ChangeLog:
+--------------------------+
patches/packages/bash-4.2.048-i486-2_slack14.1.txz: Rebuilt.
Patched an additional trailing string processing vulnerability discovered
by Tavis Ormandy.
For more information, see:...
Categories:

Bugtraq: [SECURITY] [DSA 3035-1] bash security update

Security Focus Latest Security Advisories - September 26, 2014 - 5:30am
[SECURITY] [DSA 3035-1] bash security update
Categories:

[SECURITY] [DSA 3036-1] mediawiki security update

BugTraq Latest Security Advisories - September 26, 2014 - 5:20am

Posted by Thijs Kinkhorst on Sep 26

-------------------------------------------------------------------------
Debian Security Advisory DSA-3036-1 security () debian org
http://www.debian.org/security/ Thijs Kinkhorst
September 26, 2014 http://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : mediawiki
Debian Bug : 762754

It was discovered that...
Categories:

[SECURITY] [DSA 3035-1] bash security update

BugTraq Latest Security Advisories - September 26, 2014 - 5:12am

Posted by Salvatore Bonaccorso on Sep 26

-------------------------------------------------------------------------
Debian Security Advisory DSA-3035-1 security () debian org
http://www.debian.org/security/ Salvatore Bonaccorso
September 25, 2014 http://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : bash
CVE ID : CVE-2014-7169
Debian Bug : 762760...
Categories:

Cisco Security Advisory: GNU Bash Environmental Variable Command Injection Vulnerability

BugTraq Latest Security Advisories - September 26, 2014 - 5:04am

Posted by Cisco Systems Product Security Incident Response Team on Sep 26

GNU Bash Environmental Variable Command Injection Vulnerability

Advisory ID: cisco-sa-20140926-bash

Revision 1.0

For Public Release 2014 September 26 01:00 UTC (GMT)

Summary
+======

On September 24, 2014, a vulnerability in the Bash shell was publicly announced. The vulnerability is related to the
way in which shell functions are passed though environment variables. The vulnerability may allow an attacker to inject
commands into a Bash...
Categories:

[slackware-security] bash (rebuild for Slackware 13.0 only) (SSA:2014-268-02)

BugTraq Latest Security Advisories - September 26, 2014 - 4:55am

Posted by Slackware Security Team on Sep 26

[slackware-security] bash (rebuild for Slackware 13.0 only) (SSA:2014-268-02)

New bash packages are available for Slackware 13.0 to fix a security issue.

Here are the details from the Slackware 13.0 ChangeLog:
+--------------------------+
patches/packages/bash-3.1.018-i486-3_slack13.0.txz: Rebuilt.
The patch for CVE-2014-7169 needed to be rebased against bash-3.1 in order
to apply correctly. Thanks to B. Watson for the bug report.
For...
Categories:

Bugtraq: [oCERT-2014-007] libvncserver multiple issues

Security Focus Latest Security Advisories - September 26, 2014 - 4:15am
[oCERT-2014-007] libvncserver multiple issues
Categories:

Bugtraq: LSE Leading Security Experts GmbH - LSE-2014-06-10 - Perl CORE - Deep Recursion Stack Overflow

Security Focus Latest Security Advisories - September 26, 2014 - 4:15am
LSE Leading Security Experts GmbH - LSE-2014-06-10 - Perl CORE - Deep Recursion Stack Overflow
Categories:

Bugtraq: [ MDVSA-2014:189 ] nss

Security Focus Latest Security Advisories - September 26, 2014 - 4:15am
[ MDVSA-2014:189 ] nss
Categories:

Bugtraq: [ MDVSA-2014:188 ] wireshark

Security Focus Latest Security Advisories - September 26, 2014 - 4:15am
[ MDVSA-2014:188 ] wireshark
Categories:

Vuln: Drupal XML-RPC Endpoint Multiple Denial of Service Vulnerabilities

Security Focus Latest Security Advisories - September 25, 2014 - 11:00pm
Drupal XML-RPC Endpoint Multiple Denial of Service Vulnerabilities
Categories:

Vuln: Wireshark SES Dissector CVE-2014-6428 Remote Denial of Service Vulnerability

Security Focus Latest Security Advisories - September 25, 2014 - 11:00pm
Wireshark SES Dissector CVE-2014-6428 Remote Denial of Service Vulnerability
Categories:

Vuln: cURL/libcURL CVE-2014-3613 Remote Security Bypass Vulnerability

Security Focus Latest Security Advisories - September 25, 2014 - 11:00pm
cURL/libcURL CVE-2014-3613 Remote Security Bypass Vulnerability
Categories:

[oCERT-2014-007] libvncserver multiple issues

BugTraq Latest Security Advisories - September 25, 2014 - 8:53am

Posted by Andrea Barisani on Sep 25

#2014-007 libvncserver multiple issues

Description:

Virtual Network Computing (VNC) is a graphical sharing system based on the
Remote Frame Buffer (RFB) protocol.

The LibVNCServer project, an open source library for implementing VNC
compliant communication, suffers from a number of bugs that can be potentially
exploited with security impact.

Various implementation issues resulting in remote code execution and/or DoS
conditions on both the VNC...
Categories:

[slackware-security] bash (SSA:2014-267-01)

BugTraq Latest Security Advisories - September 25, 2014 - 8:44am

Posted by Slackware Security Team on Sep 25

[slackware-security] bash (SSA:2014-267-01)

New bash packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1,
and -current to fix a security issue.

Here are the details from the Slackware 14.1 ChangeLog:
+--------------------------+
patches/packages/bash-4.2.048-i486-1_slack14.1.txz: Upgraded.
This update fixes a vulnerability in bash related to how environment
variables are processed: trailing code in function definitions was...
Categories:

[slackware-security] mozilla-nss (SSA:2014-267-02)

BugTraq Latest Security Advisories - September 25, 2014 - 8:34am

Posted by Slackware Security Team on Sep 25

[slackware-security] mozilla-nss (SSA:2014-267-02)

New mozilla-nss packages are available for Slackware 14.0, 14.1, and -current to
fix a security issue.

Here are the details from the Slackware 14.1 ChangeLog:
+--------------------------+
patches/packages/mozilla-nss-3.16.5-i486-1_slack14.1.txz: Upgraded.
Fixed an RSA Signature Forgery vulnerability.
For more information, see:...
Categories: