The NoSuchCon Call For Papers has been announced. It will take place May 15th through the 17th, 2013 in Paris, France. NoSuchCon (NSC) is a fork (think continuation) from the Hackito Ergo Sum conference.
279273bb349f9bf5581e9f54a0c50804c867262908e2aca26f842b7f69b57c7cThe AusCERT2013 program committee welcomes original contributions for presentations and tutorials not previously published nor submitted in parallel for publication to any other conference or workshop. The conference will take place May 20th through the 24th, 2013.
9693dce5b3b925df9f5ca641be69d9aec0f654ed424b3f667594a06c38699eb4This program listens for sound. If it detects any, it starts recording automatically and also automatically stops when things become silent again.
890836e94e3df9f0cd83b2cb9ed98f9a072cb4aaa3d5ebfc78785a6ad2d47bbaRed Hat Security Advisory 2013-0180-01 - MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon and many client programs and libraries. A stack-based buffer overflow flaw was found in the user permission checking code in MySQL. An authenticated database user could use this flaw to crash the mysqld daemon or, potentially, execute arbitrary code with the privileges of the user running the mysqld daemon. A flaw was found in the way MySQL calculated the key length when creating a sort order index for certain queries. An authenticated database user could use this flaw to crash the mysqld daemon.
c46944fff9eaf716d515206fe427c7820974a5b1849c452e4398e331b4a16859Red Hat Security Advisory 2013-0168-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. It was found that the Xen hypervisor implementation did not perform range checking on the guest provided values in multiple hypercalls. A privileged guest user could use this flaw to trigger long loops, leading to a denial of service. It was found that when running a 32-bit binary that uses a large number of shared libraries, one of the libraries would always be loaded at a predictable address in memory. An attacker could use this flaw to bypass the Address Space Layout Randomization security feature.
b9ff959f49b534fdbdf4cd13becc4578008c34ad8428ee563ddd440250d903e5Ubuntu Security Notice 1681-3 - USN-1681-1 fixed vulnerabilities in Firefox. Due to an upstream regression, some translations became unusable after upgrading. This update fixes the problem. Christoph Diehl, Christian Holler, Mats Palmgren, Chiaki Ishikawa, Bill Gianopoulos, Benoit Jacob, Gary Kwong, Robert O'Callahan, Jesse Ruderman, and Julian Seward discovered multiple memory safety issues affecting Firefox. If the user were tricked into opening a specially crafted page, an attacker could possibly exploit these to cause a denial of service via application crash, or potentially execute code with the privileges of the user invoking Firefox. Various other issues were also addressed.
aef9bd0134382453da04d18de3f8d989d0313ca67877b0a7c7b82b2dd398cd22Debian Linux Security Advisory 2611-1 - An input sanitation problem has been found in upgrade functions of movabletype-opensource, a web-based publishing platform. Using carefully crafted requests to the mt-upgrade.cgi file, it would be possible to inject OS command and SQL queries.
89d68f6be8ffae23f363d55090a96d9684ff07754963ce7062f93a265b75541cUbuntu Security Notice 1704-1 - Brad Spengler discovered a flaw in the Linux kernel's uname system call. An unprivileged user could exploit this flaw to read kernel stack memory. Jon Howell reported a flaw in the Linux kernel's KVM (Kernel-based virtual machine) subsystem's handling of the XSAVE feature. On hosts, using qemu userspace, without the XSAVE feature an unprivileged local attacker could exploit this flaw to crash the system. Various other issues were also addressed.
cee34c70ba2a3639f0d2c6c944ab8c33eaab079317385ea3e05356964547c138Debian Linux Security Advisory 2610-1 - Insufficient input sanitization in Ganglia, a web based monitoring system, could lead to remote PHP script execution with permissions of the user running the web browser.
ba3c7e8b1dd3751ec26cd89743e5524f12bc368e5641b1ff3d0c2f436df9fc5bUbuntu Security Notice 1701-1 - It was discovered that Vino incorrectly transmitted clipboard activity before authenticating the remote connection. A remote attacker could connect to Vino and monitor clipboard activity.
d4053a9076fc30a14607b6d52279e3c08354eedca82cbe7b5f1a8805566d147dUbuntu Security Notice 1703-1 - Multiple security issues were discovered in MySQL and this update includes new upstream MySQL versions to fix these issues. MySQL has been updated to 5.1.67 in Ubuntu 10.04 LTS and Ubuntu 11.10. Ubuntu 12.04 LTS and Ubuntu 12.10 have been updated to MySQL 5.5.29. In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes. Various other issues were also addressed.
5686e0dae7e1a8e1fea5441532287eff9abdf26e5adfc2549050f7f80ecbf898Ubuntu Security Notice 1702-1 - It was discovered that PHP incorrectly handled the openssl_encrypt function when used with an empty string. An attacker could use this flaw to cause PHP to disclose arbitrary memory contents and possibly expose sensitive information.
3132a161ab750a6dc5a6862fbf65eaf4417cca66df442490a8eaec7791e0e991Red Hat Security Advisory 2013-0169-01 - Vino is a Virtual Network Computing server for GNOME. It allows remote users to connect to a running GNOME session using VNC. It was found that Vino transmitted all clipboard activity on the system running Vino to all clients connected to port 5900, even those who had not authenticated. A remote attacker who is able to access port 5900 on a system running Vino could use this flaw to read clipboard data without authenticating. Two out-of-bounds memory read flaws were found in the way Vino processed client framebuffer requests in certain encodings. An authenticated client could use these flaws to send a specially-crafted request to Vino, causing it to crash.
709d44a326fa0d3994ae28eeedadf167461a56201a46fc7ea3ccc58537ada91c
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed