Red Hat Security Advisory 2013-0580-01 - The Common UNIX Printing System provides a portable printing layer for Linux, UNIX, and similar operating systems. It was discovered that CUPS administrative users who are permitted to perform CUPS configuration changes via the CUPS web interface could manipulate the CUPS configuration to gain unintended privileges. Such users could read or write arbitrary files with the privileges of the CUPS daemon, possibly allowing them to run arbitrary code with root privileges.
The Airvana Airrave router version 2.5 suffers from a stored cross site scripting vulnerability.
Red Hat Security Advisory 2013-0577-01 - In accordance with the Red Hat Enterprise Virtualization Errata Support Policy, the support for Red Hat Enterprise Virtualization 2 has ended. Customers are recommended to upgrade their existing Red Hat Enterprise Virtualization 2.x installations to version 3.0. The upgrade from RHEV Manager version 2.2 running on Microsoft Windows to Red Hat Enterprise Virtualization Manager 3.0 running on Red Hat Enterprise Linux is fully supported and requires no downtime; during the upgrade, all virtual machines will continue to run without loss of service.
Red Hat Security Advisory 2013-0582-01 - OpenShift Enterprise is a cloud computing Platform-as-a-Service solution from Red Hat, and is designed for on-premise or private cloud deployments. Installing the updated packages and restarting the OpenShift services are the only requirements for this update. However, if you are updating your system to Red Hat Enterprise Linux 6.4 while applying OpenShift Enterprise 1.1.1 updates, it is recommended that you restart your system.
Piwigo version 2.4.5 suffers from cross site request forgery and path traversal vulnerabilities.
Geeklog version 1.8.2 suffers from a cross site scripting vulnerability.
D-Link DIR-645 devices suffer from a direct access authentication bypass vulnerability.
Ubuntu Security Notice 1732-2 - USN-1732-1 fixed vulnerabilities in OpenSSL. The fix for CVE-2013-0166 and CVE-2012-2686 introduced a regression causing decryption failures on hardware supporting AES-NI. This update temporarily reverts the security fix pending further investigation. Adam Langley and Wolfgang Ettlinger discovered that OpenSSL incorrectly handled certain crafted CBC data when used with AES-NI. A remote attacker could use this issue to cause OpenSSL to crash, resulting in a denial of service. This issue only affected Ubuntu 12.04 LTS and Ubuntu 12.10. Nadhem Alfardan and Kenny Paterson discovered that the TLS protocol as used in OpenSSL was vulnerable to a timing side-channel attack known as the "Lucky Thirteen" issue. A remote attacker could use this issue to perform plaintext-recovery attacks via analysis of timing data. Various other issues were also addressed.
The 3rd annual 44CON Call For Papers has been announced. It will be held in London, England from September 12th through the 13th, 2013 at the Millennium Conference Centre.
Mandriva Linux Security Advisory 2013-016 - PHP does not validate the configuration directive soap.wsdl_cache_dir before writing SOAP WSDL cache files to the filesystem. Thus an attacker is able to write remote WSDL files to arbitrary locations. PHP allows the use of external entities while parsing SOAP WSDL files, which allows an attacker to read arbitrary files. If a web application unserializes user-supplied data and tries to execute any method of it, an attacker can send a serialized SoapClient object initialized in non-WSDL mode, which will make PHP automatically parse the remote XML document specified in the location option parameter. The updated packages have been upgraded to version 5.3.22, which is not vulnerable to these issues. Additionally, some packages that require it have been rebuilt for php-5.3.22.
Ubuntu Security Notice 1754-1 - Marco Schoepl discovered that Sudo incorrectly handled time stamp files when the system clock is set to epoch. A local attacker could use this issue to run Sudo commands without a password prompt.
The Fileutils Ruby gem suffers from possible remote command execution due to passing unsanitized user input to CutyCapt for execution. It also suffers from insecure file handling in /tmp.
Drupal Clean third party theme version 7.x suffers from a cross site scripting vulnerability.
Drupal Company third party theme version 7.x suffers from a cross site scripting vulnerability.
Red Hat Security Advisory 2013-0574-01 - The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. This update fixes two vulnerabilities in Adobe Flash Player. Specially-crafted SWF content could cause flash-plugin to crash or, potentially, execute arbitrary code when a victim loads a page containing the malicious SWF content. This update also fixes a permissions issue with the Adobe Flash Player Firefox sandbox.
PHEARCON is a hacking conference based in Milwaukee, Wisconsin, with the goal of bringing hackers together under one roof to learn, hack, and party. It will take place October 12th, 2013 in Milwaukee, Wisconsin.
Drupal Professional third party theme version 7.x suffers from a cross site scripting vulnerability.
Drupal Best Responsive third party theme version 7.x suffers from a cross site scripting vulnerability.
Whitepaper called From Patched to Pwned - Attacking Xerox's Multifunction Printers Patch Process. In this paper the author discusses the step-by-step process of gaining root-level access to high-end Xerox MFP devices, how the firmware signing process works, and how to protect yourself from this attack.