CentOS Errata and Bugfix Advisory 2014:1804 Upstream details at: https://rhn.redhat.com/errata/RHBA-2014-1804.html The following updated files have been uploaded and are currently syncing to the mirrors.
Monthly Archives: November 2014
CESA-2014:1803 Important CentOS 6 mod_auth_mellon Security Update
CentOS Errata and Security Advisory 2014:1803 Important Upstream details at: https://rhn.redhat.com/errata/RHSA-2014-1803.html The following updated files have been uploaded and are currently syncing to the mirrors: (sha256sum Filename) i386: 6055e9600cce5bf4dec3568d497336417daaf549e3f2931adacaab0f06edc1a4 mod_auth_mellon-0.8.0-3.el6_6.i686.rpm x86_64: d71fdd630677e5f75b9ea81047116614b77f73a45125455ec7642f6e4f2c660e mod_auth_mellon-0.8.0-3.el6_6.x86_64.rpm Source: 637af449c5a250ea6b90642522c5381e78144920dc45da31a88ab3ae9cbed906 mod_auth_mellon-0.8.0-3.el6_6.src.rpm
WordPress Bulletproof-Security .51 XSS / SQL Injection / SSRF
WordPress Bulletproof-Security version .51 suffers from SSRF, cross site scripting, and remote SQL injection vulnerabilities.
CEBA-2014:1806 CentOS 6 zsh BugFix Update
CentOS Errata and Bugfix Advisory 2014:1806 Upstream details at: https://rhn.redhat.com/errata/RHBA-2014-1806.html The following updated files have been uploaded and are currently syncing to the mirrors.
Softing FG-100 PB Hardcoded Backdoor
Softing FG-100 PB comes with a hardcoded root account with a static password that cannot be changed by the administrator.
Softing FG-100 PB Cross Site Scripting
Softing FG-100 PB suffers from a cross site scripting vulnerability.
VMware vmx86.sys Arbitrary Kernel Read
A vulnerability within the vmx86 driver allows an attacker to specify a memory address within the kernel and have the memory stored at that address returned to the attacker. VMware Workstation version 10.0.0.40273 is affected.
Magento E-Commerce Cross Site Scripting
eBay has failed to fix six-month-old cross site scripting issues in Magento E-Commerce.
FreeBSD Security Advisory – sshd Denial Of Service
FreeBSD Security Advisory – Although OpenSSH is not multithreaded, when OpenSSH is compiled with Kerberos support, the Heimdal libraries bring in the POSIX thread library as a dependency. Due to incorrect library ordering while linking sshd(8), symbols in the C library which are shadowed by the POSIX thread library may not be resolved correctly at run time. Note that this problem is specific to the FreeBSD build system and does not affect other operating systems or the version of OpenSSH available from the FreeBSD ports tree. An incorrectly linked sshd(8) child process may deadlock while handling an incoming connection. The connection may then time out or be interrupted by the client, leaving the deadlocked sshd(8) child process behind. Eventually, the sshd(8) parent process stops accepting new connections. An attacker may take advantage of this by repeatedly connecting and then dropping the connection after having begun, but not completed, the authentication process.
D-Link DAP-1360 Abuse / Cross Site Request Forgery
D-Link DAP-1360 suffers from cross site request forgery, abuse of functionality, and brute force vulnerabilities.