
Website News

News from: 26.12.2018 at 06:20

 

compliant project that can retrieve saved logins from Google Chrome, Firefox, Internet Explorer and Microsoft Edge. In the future, this project will be expanded upon to retrieve Cookies and History items from these browsers.
Standing on the Shoulders of Giants
This project builds on the work of @plainprogrammer on a .NET 2.0 CLR compliant SQLite parser, which can be found here. In addition, @gourk created a wonderful ASN parser and cryptography helpers for decrypting and parsing the Firefox login files. It uses a revised version of his work (found here) to parse these logins out. Without their work this project would not have come together nearly as quickly as it did.
 

Bugtraq: ESA-2016-069: EMC Documentum WebTop and WebTop Clients Improper Authorization Vulnerability

Exploits | Source: securityfocus.com

Bugtraq: [CVE-2016-1920] VPN Man-in-the-Middle due to shared certificate store on KNOX 1.0 / Android 4.3

Exploits | Source: securityfocus.com

Bugtraq: Alsovalue CMS 2016Q1 - SQL Injection Web Vulnerability

Exploits | Source: securityfocus.com

USN-2979-1: Linux kernel vulnerabilities

Unix Server | Source: ubuntu.com

Ubuntu Security Notice USN-2979-1

16th May, 2016

linux vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 16.04 LTS

Summary

Several security issues were fixed in the kernel.

Software description

  • linux - Linux kernel

Details

David Matlack discovered that the Kernel-based Virtual Machine (KVM)
implementation in the Linux kernel did not properly restrict variable
Memory Type Range Registers (MTRR) in KVM guests. A privileged user in a
guest VM could use this to cause a denial of service (system crash) in the
host, expose sensitive information from the host, or possibly gain
administrative privileges in the host. (CVE-2016-3713)

Philip Pettersson discovered that the Linux kernel's ASN.1 DER decoder did
not properly process certificate files with tags of indefinite length. A
local unprivileged attacker could use this to cause a denial of service
(system crash) or possibly execute arbitrary code with administrative
privileges. (CVE-2016-0758)

Update instructions

The problem can be corrected by updating your system to the following package version:

Ubuntu 16.04 LTS:
linux-image-4.4.0-22-powerpc-e500mc 4.4.0-22.40
linux-image-4.4.0-22-powerpc64-smp 4.4.0-22.40
linux-image-4.4.0-22-generic-lpae 4.4.0-22.40
linux-image-4.4.0-22-lowlatency 4.4.0-22.40
linux-image-4.4.0-22-powerpc-smp 4.4.0-22.40
linux-image-4.4.0-22-generic 4.4.0-22.40
linux-image-4.4.0-22-powerpc64-emb 4.4.0-22.40

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.

References

CVE-2016-0758, CVE-2016-3713



Bugtraq: [CVE-2016-4432] Apache Qpid Java Broker - authentication bypass

Exploits | Source: securityfocus.com

North Korean Hack Breached 140,000 South Korean Systems (June 13, 2016)

IT Security News | Source: sans.org

North Korea-based hackers targeted the network management software used by approximately 160 companies and government agencies in South Korea and breached more than 140,000 computers.......



Bugtraq: [CVE-2016-1919] Weak eCryptFS Key generation from user password on KNOX 1.0 / Android 4.3

Exploits | Source: securityfocus.com

Bugtraq: Microsoft PowerPointViewer Code Execution

Exploits | Source: securityfocus.com

USN-2978-3: Linux kernel (Raspberry Pi 2) vulnerability

Unix Server | Source: ubuntu.com

Ubuntu Security Notice USN-2978-3

16th May, 2016

linux-raspi2 vulnerability

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 15.10

Summary

The system could be made to crash or run programs as an administrator.

Software description

  • linux-raspi2 - Linux kernel for Raspberry Pi 2

Details

Philip Pettersson discovered that the Linux kernel's ASN.1 DER decoder did
not properly process certificate files with tags of indefinite length. A
local unprivileged attacker could use this to cause a denial of service
(system crash) or possibly execute arbitrary code with administrative
privileges.

Update instructions

The problem can be corrected by updating your system to the following package version:

Ubuntu 15.10:
linux-image-4.2.0-1029-raspi2 4.2.0-1029.38

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.

References

CVE-2016-0758



Bugtraq: [CVE-2016-3094] Apache Qpid Java Broker denial of service vulnerability

Exploits | Source: securityfocus.com

Bugtraq: [slackware-security] mozilla-thunderbird (SSA:2016-152-02)

Exploits | Source: securityfocus.com

Bugtraq: [security bulletin] HPSBMU03607 rev.1 - HPE BladeSystem c-Class Virtual Connect (VC) Firmware, Remote Denial of Service (DoS), Disclosure of Information, Cross-Site Request Forgery (CSRF)

Exploits | Source: securityfocus.com

US Health and Human Services IG to Assess Medical Device Security Monitoring (June 9, 2016)

IT Security News | Source: sans.org

The US Department of Health and Human Services (HHS) Office of Inspector General's Fiscal Year 2016 Mid-Year Work Plan calls for an assessment of the Food and Drug Administration's (FDA's) review of cybersecurity control on wireless and Internet-connected medical devices.......



Bugtraq: [security bulletin] HPSBUX03552 SSRT102983 rev.1 - HP-UX BIND running Named, Remote Denial of Service (DoS)

Exploits | Source: securityfocus.com

USN-2978-2: Linux kernel (Wily HWE) vulnerabilities

Unix Server | Source: ubuntu.com

Ubuntu Security Notice USN-2978-2

16th May, 2016

linux-lts-wily vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 14.04 LTS

Summary

Several security issues were fixed in the kernel.

Software description

  • linux-lts-wily - Linux hardware enablement kernel from Wily for Trusty

Details

USN-2978-1 fixed vulnerabilities in the Linux kernel for Ubuntu 15.10.
This update provides the corresponding updates for the Linux Hardware
Enablement (HWE) kernel from Ubuntu 15.10 for Ubuntu 14.04 LTS.

David Matlack discovered that the Kernel-based Virtual Machine (KVM)
implementation in the Linux kernel did not properly restrict variable
Memory Type Range Registers (MTRR) in KVM guests. A privileged user in a
guest VM could use this to cause a denial of service (system crash) in the
host, expose sensitive information from the host, or possibly gain
administrative privileges in the host. (CVE-2016-3713)

Philip Pettersson discovered that the Linux kernel's ASN.1 DER decoder did
not properly process certificate files with tags of indefinite length. A
local unprivileged attacker could use this to cause a denial of service
(system crash) or possibly execute arbitrary code with administrative
privileges. (CVE-2016-0758)

Update instructions

The problem can be corrected by updating your system to the following package version:

Ubuntu 14.04 LTS:
linux-image-4.2.0-36-generic 4.2.0-36.42~14.04.1
linux-image-4.2.0-36-powerpc64-smp 4.2.0-36.42~14.04.1
linux-image-4.2.0-36-powerpc64-emb 4.2.0-36.42~14.04.1
linux-image-4.2.0-36-powerpc-smp 4.2.0-36.42~14.04.1
linux-image-4.2.0-36-powerpc-e500mc 4.2.0-36.42~14.04.1
linux-image-4.2.0-36-lowlatency 4.2.0-36.42~14.04.1
linux-image-4.2.0-36-generic-lpae 4.2.0-36.42~14.04.1

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-wily, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.

References

CVE-2016-0758, CVE-2016-3713



Bugtraq: [security bulletin] HPSBHF03579 rev.1 - HPE ConvergedSystem for SAP HANA using OpenSSL, Multiple Remote Vulnerabilities

Exploits | Source: securityfocus.com

Bugtraq: [SECURITY] [DSA 3587-1] libgd2 security update

Exploits | Source: securityfocus.com

Bugtraq: [slackware-security] imagemagick (SSA:2016-152-01)

Exploits | Source: securityfocus.com

Bugtraq: SEC Consult SA-20160602-0 :: Multiple critical vulnerabilities in Ubee EVW3226 Advanced wireless voice gateway

Exploits | Source: securityfocus.com

NSA Could Use Internet-Connected Medical Devices for Surveillance (June 10 and 13, 2016)

IT Security News | Source: sans.org

NSA Deputy Director Richard Ledgett told an audience at the Defense One Tech Summit in Washington, DC, last week that the agency is examining ways to exploit the Internet of Things (IoT) to conduct covert monitoring.......



USN-2898-2: Eye of GNOME vulnerability

Unix Server | Source: ubuntu.com

Ubuntu Security Notice USN-2898-2

15th February, 2016

eog vulnerability

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 15.10
  • Ubuntu 14.04 LTS
  • Ubuntu 12.04 LTS

Summary

Eye of GNOME could be made to crash or run programs as your login if it opened a specially crafted image.

Software description

  • eog - Eye of GNOME graphics viewer program

Details

It was discovered that Eye of GNOME incorrectly handled certain large
images. If a user were tricked into opening a specially-crafted image, a
remote attacker could use this issue to cause Eye of GNOME to crash,
resulting in a denial of service, or possibly execute arbitrary code.

Update instructions

The problem can be corrected by updating your system to the following package version:

Ubuntu 15.10:
eog 3.16.3-1ubuntu2.1
Ubuntu 14.04 LTS:
eog 3.10.2-0ubuntu5.1
Ubuntu 12.04 LTS:
eog 3.4.2-0ubuntu1.2

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.

References

CVE-2013-7447



Bugtraq: Re: Symantec EP DOS

Exploits | Source: securityfocus.com


USN-2915-1: Django vulnerabilities

Unix Server | Source: ubuntu.com

Ubuntu Security Notice USN-2915-1

1st March, 2016

python-django vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 15.10
  • Ubuntu 14.04 LTS
  • Ubuntu 12.04 LTS

Summary

Several security issues were fixed in Django.

Software description

  • python-django - High-level Python web development framework

Details

Mark Striemer discovered that Django incorrectly handled user-supplied
redirect URLs containing basic authentication credentials. A remote
attacker could possibly use this issue to perform a cross-site scripting
attack or a malicious redirect. (CVE-2016-2512)

Sjoerd Job Postmus discovered that Django incorrectly handled timing when
doing password hashing operations. A remote attacker could possibly use
this issue to perform user enumeration. (CVE-2016-2513)

Update instructions

The problem can be corrected by updating your system to the following package version:

Ubuntu 15.10:
python3-django 1.7.9-1ubuntu5.2
python-django 1.7.9-1ubuntu5.2
Ubuntu 14.04 LTS:
python-django 1.6.1-2ubuntu0.12
Ubuntu 12.04 LTS:
python-django 1.3.1-4ubuntu1.20

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.

References

CVE-2016-2512, CVE-2016-2513



Bugtraq: Cisco Security Advisory: Cisco Web Security Appliance HTTPS Packet Processing Denial of Service Vulnerability

Exploits | Source: securityfocus.com

Bugtraq: [SECURITY] [DSA 3508-1] jasper security update

Exploits | Source: securityfocus.com

Bugtraq: [SECURITY] [DSA 3570-1] mercurial security update

Exploits | Source: securityfocus.com

USN-2978-1: Linux kernel vulnerabilities

Unix Server | Source: ubuntu.com

Ubuntu Security Notice USN-2978-1

16th May, 2016

linux vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 15.10

Summary

Several security issues were fixed in the kernel.

Software description

  • linux - Linux kernel

Details

David Matlack discovered that the Kernel-based Virtual Machine (KVM)
implementation in the Linux kernel did not properly restrict variable
Memory Type Range Registers (MTRR) in KVM guests. A privileged user in a
guest VM could use this to cause a denial of service (system crash) in the
host, expose sensitive information from the host, or possibly gain
administrative privileges in the host. (CVE-2016-3713)

Philip Pettersson discovered that the Linux kernel's ASN.1 DER decoder did
not properly process certificate files with tags of indefinite length. A
local unprivileged attacker could use this to cause a denial of service
(system crash) or possibly execute arbitrary code with administrative
privileges. (CVE-2016-0758)

Update instructions

The problem can be corrected by updating your system to the following package version:

Ubuntu 15.10:
linux-image-4.2.0-36-generic-lpae 4.2.0-36.42
linux-image-4.2.0-36-powerpc64-smp 4.2.0-36.42
linux-image-4.2.0-36-powerpc64-emb 4.2.0-36.42
linux-image-4.2.0-36-powerpc-smp 4.2.0-36.42
linux-image-4.2.0-36-powerpc-e500mc 4.2.0-36.42
linux-image-4.2.0-36-lowlatency 4.2.0-36.42
linux-image-4.2.0-36-generic 4.2.0-36.42

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.

References

CVE-2016-0758, CVE-2016-3713



Bugtraq: [security bulletin] HPSBHF03578 rev.1 - HPE ConvergedSystem for SAP HANA using glibc, Multiple Remote Vulnerabilities

Exploits | Source: securityfocus.com

USN-2990-1: ImageMagick vulnerabilities

Unix Server | Source: ubuntu.com

Ubuntu Security Notice USN-2990-1

2nd June, 2016

imagemagick vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 16.04 LTS
  • Ubuntu 15.10
  • Ubuntu 14.04 LTS
  • Ubuntu 12.04 LTS

Summary

Several security issues were fixed in ImageMagick.

Software description

  • imagemagick - Image manipulation programs and library

Details

Nikolay Ermishkin and Stewie discovered that ImageMagick incorrectly
sanitized untrusted input. A remote attacker could use these issues to
execute arbitrary code. These issues are known as "ImageTragick". This
update disables problematic coders via the /etc/ImageMagick-6/policy.xml
configuration file. In certain environments the coders may need to be
manually re-enabled after making sure that ImageMagick does not process
untrusted input. (CVE-2016-3714, CVE-2016-3715, CVE-2016-3716,
CVE-2016-3717, CVE-2016-3718)

Bob Friesenhahn discovered that ImageMagick allowed injecting commands via
an image file or filename. A remote attacker could use this issue to
execute arbitrary code. (CVE-2016-5118)

Update instructions

The problem can be corrected by updating your system to the following package version:

Ubuntu 16.04 LTS:
libmagick++-6.q16-5v5 8:6.8.9.9-7ubuntu5.1
imagemagick-common 8:6.8.9.9-7ubuntu5.1
imagemagick 8:6.8.9.9-7ubuntu5.1
imagemagick-6.q16 8:6.8.9.9-7ubuntu5.1
libmagickcore-6.q16-2 8:6.8.9.9-7ubuntu5.1
Ubuntu 15.10:
libmagick++-6.q16-5v5 8:6.8.9.9-5ubuntu2.1
imagemagick-common 8:6.8.9.9-5ubuntu2.1
imagemagick 8:6.8.9.9-5ubuntu2.1
imagemagick-6.q16 8:6.8.9.9-5ubuntu2.1
libmagickcore-6.q16-2 8:6.8.9.9-5ubuntu2.1
Ubuntu 14.04 LTS:
libmagick++5 8:6.7.7.10-6ubuntu3.1
imagemagick-common 8:6.7.7.10-6ubuntu3.1
libmagickcore5 8:6.7.7.10-6ubuntu3.1
imagemagick 8:6.7.7.10-6ubuntu3.1
Ubuntu 12.04 LTS:
imagemagick-common 8:6.6.9.7-5ubuntu3.4
libmagickcore4 8:6.6.9.7-5ubuntu3.4
imagemagick 8:6.6.9.7-5ubuntu3.4
libmagick++4 8:6.6.9.7-5ubuntu3.4

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.

References

CVE-2016-3714, CVE-2016-3715, CVE-2016-3716, CVE-2016-3717, CVE-2016-3718, CVE-2016-5118



FAA Panel Agrees on Airliner Cybersecurity Standards (June 12, 2016)

IT Security News | Source: sans.org

A panel of government and aviation-industry experts reached preliminary agreement on cybersecurity standards for airliners, including cockpit alerts in the event that critical safety systems are hacked.......



USN-2898-1: GTK+ vulnerability

Unix Server | Source: ubuntu.com

Ubuntu Security Notice USN-2898-1

15th February, 2016

gtk+2.0, gtk+3.0 vulnerability

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 15.10
  • Ubuntu 14.04 LTS
  • Ubuntu 12.04 LTS

Summary

GTK+ could be made to crash or run programs as your login if it processed a specially crafted image.

Software description

  • gtk+2.0 - GTK+ graphical user interface library
  • gtk+3.0 - GTK+ graphical user interface library

Details

It was discovered that GTK+ incorrectly handled certain large images. A
remote attacker could use this issue to cause GTK+ applications to crash,
resulting in a denial of service, or possibly execute arbitrary code.

Update instructions

The problem can be corrected by updating your system to the following package version:

Ubuntu 15.10:
libgtk2.0-0 2.24.28-1ubuntu1.1
Ubuntu 14.04 LTS:
libgtk2.0-0 2.24.23-0ubuntu1.4
Ubuntu 12.04 LTS:
libgtk2.0-0 2.24.10-0ubuntu6.3
libgtk-3-0 3.4.2-0ubuntu0.9

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to restart your session to make
all the necessary changes.

References

CVE-2013-7447



Bugtraq: [slackware-security] libssh (SSA:2016-057-01)

Exploits | Source: securityfocus.com

Bugtraq: Cisco Security Advisory: Cisco NX-OS Software TCP Netstack Denial of Service Vulnerability

Exploits | Source: securityfocus.com

Bugtraq: Multiple vulnerabilities in Wordpress plugin SP Projects & Document Manager

Exploits | Source: securityfocus.com
