Ubuntu Security Notice 2098-2 - USN-2098-1 fixed a vulnerability in LibYAML. The security fix used introduced a regression that caused parsing failures for certain valid YAML files. This update fixes the problem. Florian Weimer discovered that LibYAML incorrectly handled certain large yaml documents. An attacker could use this issue to cause LibYAML to crash, resulting in a denial of service, or possibly execute arbitrary code. Various other issues were also addressed.
4efd4e0efc0efabf9de7ceae7a958c7cc618c8dde47260642b5eca7eb63ef5a0Red Hat Security Advisory 2014-0171-01 - Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. It was found that the ParserPool and Decrypter classes in the OpenSAML Java implementation resolved external entities, permitting XML External Entity attacks. A remote attacker could use this flaw to read files accessible to the user running the application server, and potentially perform other more advanced XXE attacks. It was discovered that the Apache Santuario XML Security for Java project allowed Document Type Definitions to be processed when applying Transforms even when secure validation was enabled. A remote attacker could use this flaw to exhaust all available memory on the system, causing a denial of service.
6ea55d54a664d704b909d71fccb7a651a80a777a52a2c4bd5d51856a12b1f5a6Red Hat Security Advisory 2014-0170-01 - Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. It was found that the ParserPool and Decrypter classes in the OpenSAML Java implementation resolved external entities, permitting XML External Entity attacks. A remote attacker could use this flaw to read files accessible to the user running the application server, and potentially perform other more advanced XXE attacks. It was discovered that the Apache Santuario XML Security for Java project allowed Document Type Definitions to be processed when applying Transforms even when secure validation was enabled. A remote attacker could use this flaw to exhaust all available memory on the system, causing a denial of service.
4a7a416e0f9b2d1408e2420c51fc4ae55f44ce58cef88c50b293d9afcf81cdcaOATH Toolkit attempts to collect several tools that are useful when deploying technologies related to OATH, such as HOTP one-time passwords. It is a fork of the earlier HOTP Toolkit.
9bfa42cbc100eb6c43d2bf83e3badc51d9e6f4950a92e07513ae586d0c5e9b24This Metasploit module exploits a stack-based buffer overflow vulnerability in Easy CD-DA Recorder 2007, caused by a long string in a playlist entry. By persuading the victim to open a specially-crafted .PLS file, a remote attacker could execute arbitrary code on the system or cause the application to crash. This Metasploit module has been tested successfully on Windows XP SP3 and Windows 7 SP1.
c9daf2bd49e0d41a84aba9c84b5e15a725fb5951f463b99f9505e1ba8d5f5f1eipt_pkd is an iptables extension implementing port knock detection with SPA (single packet authorization). This project provides 3 parts: the kernel module ipt_pkd, the iptables user space module libipt_pkd.so, and a user space client knock program. For the knock packet, it uses a UDP packet sent to a random port that contains a SHA-256 of a timestamp, small header, random bytes, and a shared key. ipt_pkd checks the time window of the packet and does the SHA-256 to verify the packet. The shared key is never sent.
ad61827f4306220c69140ffabd99f6c79379ac7b1d18b80550d610c13b008aafDrupal Commons third party distribution version 7.x suffers from a cross site scripting vulnerability.
b0e4e34ce5a0779ff9f5e5246759cc3dc01f219b4f60195a5d82e5368a599f22CA 2E Web Option version 8.1.2 suffers from an unauthenticated privilege escalation vulnerability that can allow for a denial of service condition.
cb6ba2704a2a0e3d944bde61fec01be38663ee9a4892d786234c64e6316d2156NetGear DGN2200 N300 Wireless ADSL2+ Modem Router with firmware version 1.0.0.36-7.0.37 suffers from command injection, cross site request forgery, insecure configuration, cleartext password storage, information disclosure, and other vulnerabilities.
a978aba153192cd7a832bce9b39e16a17481fc2d53a997dd74d8b88cfef63fc9Debian Linux Security Advisory 2850-2 - The security update released in DSA-2850-1 for libyaml introduced a regression in libyaml failing to parse a subset of valid yaml documents.
5079ec9b2c98103cd097b5e819739ce588ae5b936575a220d38bf2d24b70a08fMandriva Linux Security Advisory 2014-027 - A heap overflow vulnerability has been addressed in imagecrop() in php. The updated php packages have been upgraded to the 5.5.9 version which is not vulnerable to this issue. Additionally, the PECL packages which requires so has been rebuilt for php-5.5.9. The libmbfl packages has been synced with the changes as of php-5.5.9 and the onig packages has been upgraded to the 5.9.5 version.
44bd4da92e14ab9e05473e506d4bd7c8ce4a40f9f116c0c0acc020a1d7046a14Red Hat Security Advisory 2014-0164-01 - MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon and many client programs and libraries. This update fixes several vulnerabilities in the MySQL database server. Information about these flaws can be found on the Oracle Critical Patch Update Advisory page, listed in the References section. A buffer overflow flaw was found in the way the MySQL command line client tool processed excessively long version strings. If a user connected to a malicious MySQL server via the mysql client, the server could use this flaw to crash the mysql client or, potentially, execute arbitrary code as the user running the mysql client.
adb9084b8273ad395a53af59d17c5e6ecca6f2f676c670521e85c9048702804fUbuntu Security Notice 2104-1 - Florian Sagar discovered that the LXC sshd template set incorrect mount permissions. An attacker could possibly use this flaw to cause privilege escalation on the host.
55cee8e599573f7517c6322a49989c4e8be7e8bd614c71c20266b479497f168aRed Hat Security Advisory 2014-0163-01 - KVM is a full virtualization solution for Linux on AMD64 and Intel 64 systems. KVM is a Linux kernel module built for the standard Red Hat Enterprise Linux kernel. A divide-by-zero flaw was found in the apic_get_tmcct() function in KVM's Local Advanced Programmable Interrupt Controller implementation. A privileged guest user could use this flaw to crash the host. A memory corruption flaw was discovered in the way KVM handled virtual APIC accesses that crossed a page boundary. A local, unprivileged user could use this flaw to crash the system or, potentially, escalate their privileges on the system.
44863daf8622cff24ab177852ccb4bfb7f75bb6a69579ca83ba17b43ea16e8d0Mandriva Linux Security Advisory 2014-026 - The rwm overlay in OpenLDAP 2.4.23, 2.4.36, and earlier does not properly count references, which allows remote attackers to cause a denial of service by unbinding immediately after a search request, which triggers rwm_conn_destroy to free the session context while it is being used by rwm_op_search. The updated packages have been patched to correct this issue.
456752eb32055a018bec91321eb45e6bc4e8364ee8ce183f178cccf60f35fa3e
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed