Resolved Bugs
1056338 – CVE-2014-1624 pyxdg: TOCTOU race condition in get_runtime_dir() when strict=False
1056339 – CVE-2014-1624 pyxdg: TOCTOU race condition in get_runtime_dir() when strict=False [fedora-all]
Fix CVE-2014-1624 pyxdg: TOCTOU race condition in get_runtime_dir() when strict=False
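Added example (not pyxdg's code): the bug class behind CVE-2014-1624 is check-then-act on a fallback runtime directory that lives under a world-writable parent such as /tmp, where a local attacker can plant a symlink or a directory of their own between the check and the use. get_runtime_dir_racy() below is a constructed illustration of that pattern, not pyxdg's actual implementation. get_runtime_dir_safe() creates the directory with os.mkdir() at mode 0700 (a single atomic step, so "it exists" and "I own it" are no longer separated by a window) and then verifies with os.lstat() that the path is a real directory, owned by the calling uid, with no group/other bits. demo_symlink_attack() plants a symlink at the fallback path the way a local attacker would; the paths are constructed under a temporary directory. Assumes Python 3 on a POSIX system.

```python
"""Added example (not pyxdg's code): check-then-act versus create-or-verify
for a per-user runtime directory under a world-writable parent."""
import os
import stat
import tempfile


def get_runtime_dir_racy(path):
    # Vulnerable pattern, constructed to show the bug class (not pyxdg's code):
    # isdir() follows symlinks, and the check is a separate syscall from the
    # mkdir/chmod, so whatever `path` points to when we return may be an
    # attacker-controlled symlink or directory.
    if not os.path.isdir(path):
        os.mkdir(path)
        os.chmod(path, 0o700)
    return path


def get_runtime_dir_safe(path, uid=None):
    """Create `path` at mode 0700 or, if it already exists, prove it is ours."""
    if uid is None:
        uid = os.getuid()
    old_umask = os.umask(0o077)      # umask would otherwise alter the mode we ask for
    try:
        os.mkdir(path, 0o700)        # atomic: either we created it now or it existed
    except FileExistsError:
        pass                         # pre-existing: fall through and verify it
    finally:
        os.umask(old_umask)
    st = os.lstat(path)              # lstat: a planted symlink is inspected, not followed
    if not stat.S_ISDIR(st.st_mode):
        raise PermissionError(f"{path} is not a directory (symlink or regular file)")
    if st.st_uid != uid:
        raise PermissionError(f"{path} is owned by uid {st.st_uid}, not {uid}")
    if stat.S_IMODE(st.st_mode) & 0o077:
        raise PermissionError(f"{path} is readable or writable by other users")
    return path


def demo_symlink_attack():
    """Constructed scenario: attacker pre-creates a symlink at the victim's
    fallback runtime-dir path. Returns (racy_followed_symlink, safe_refused)."""
    base = tempfile.mkdtemp()
    attacker_dir = os.path.join(base, "attacker-owned")
    os.mkdir(attacker_dir)
    victim_path = os.path.join(base, "pyxdg-runtime-dir-fallback-victim")
    os.symlink(attacker_dir, victim_path)        # the planted link

    racy_result = get_runtime_dir_racy(victim_path)
    racy_followed = os.path.islink(racy_result)  # True: caller now uses attacker's dir

    try:
        get_runtime_dir_safe(victim_path)
        safe_refused = False
    except PermissionError:
        safe_refused = True
    return racy_followed, safe_refused


def demo_fresh_create():
    """Fresh path: safe version creates it and returns it at exactly mode 0700."""
    base = tempfile.mkdtemp()
    path = get_runtime_dir_safe(os.path.join(base, "runtime"))
    return stat.S_IMODE(os.lstat(path).st_mode)


if __name__ == "__main__":
    print("racy followed symlink, safe refused:", demo_symlink_attack())
    print("fresh create mode: %o" % demo_fresh_create())
```

The ownership and mode checks matter even when mkdir succeeded: with the parent sticky-bit protected (as /tmp is) an attacker cannot rename our directory away afterwards, but if the parent is not sticky the lstat verification is the only thing standing between the caller and a directory someone else controls.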
Fedora 20 Security Update: phpMyAdmin-4.2.13.1-1.fc20
Resolved Bugs
1170597 – CVE-2014-9218 phpMyAdmin: Denial of Service with long passwords
1170598 – CVE-2014-9218 phpMyAdmin: Denial of Service with long passwords [fedora-all]
1170604 – CVE-2014-9219 phpMyAdmin: XSS vulnerability in redirection mechanism
1170605 – CVE-2014-9219 phpMyAdmin: XSS vulnerability in redirection mechanism [fedora-all]
phpMyAdmin 4.2.13.1 (2014-12-03)
================================
– [security] XSS vulnerability in redirection mechanism
– [security] DOS attack with long passwords
Fedora 20 Security Update: pwgen-2.07-1.fc20
Resolved Bugs
1020220 – CVE-2013-4440 pwgen: non-tty passwords are trivially weak by default
1020222 – CVE-2013-4440 pwgen: non-tty passwords are trivially weak by default [fedora-all]
1020258 – CVE-2013-4442 pwgen: silent fallback to insecure entropy
1020259 – CVE-2013-4442 pwgen: silent fallback to insecure entropy [fedora-all]
Update to 2.07 (bug 1159526) fixes:
– CVE-2013-4440 (bug 1020222, 1020223)
– CVE-2013-4442 (bug 1020259, 1020261)
Fedora 20 Security Update: castor-1.3.3-1.fc20
Vuln: Teeworlds Memory Corruption and Denial of Service Vulnerabilities
Vuln: Multiple KDE Products CVE-2014-8600 Multiple Security Bypass Vulnerabilities
Vuln: WordPress SP Project & Document Manager Plugin 'ajax.php' Multiple SQL Injection Vulnerabilities
CVE-2014-8990 (debian_linux, fedora, lsyncd)
default-rsyncssh.lua in Lsyncd 2.1.5 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in a filename.
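Added example, not lsyncd's code (lsyncd's default-rsyncssh.lua is Lua): the layer that runs commands over ssh hands the command string to a shell on the remote host, so any filename interpolated verbatim into that string is parsed as shell syntax there, and quoting has to be applied on the local side before the string leaves. The Python below reproduces the bug class rather than lsyncd's exact command: remote_rm_unquoted() concatenates filenames as the vulnerable pattern does, remote_rm_quoted() applies shlex.quote() to each one. run_on_fake_remote() stands in for the ssh hop by handing the string to a local `sh -c`, which parses it the same way the remote shell would. The `rm -rf --` template, the filename and the marker path in demo() are constructed.

```python
"""Added example (not lsyncd's code): shell metacharacters in a filename
become commands when the filename is spliced into an ssh command string."""
import os
import shlex
import subprocess
import tempfile


def remote_rm_unquoted(files):
    # Vulnerable pattern: names go into the command line as-is, so
    # "report.txt; touch X" deletes report.txt and then runs touch.
    return "rm -rf -- " + " ".join(files)


def remote_rm_quoted(files):
    # Fixed pattern: each name is quoted for the remote shell, so every
    # metacharacter stays inside one argument.
    return "rm -rf -- " + " ".join(shlex.quote(f) for f in files)


def run_on_fake_remote(command, cwd):
    # Stand-in for `ssh host <command>`: sshd passes the string to the
    # login shell, which is exactly what a local `sh -c` does here.
    subprocess.run(["sh", "-c", command], cwd=cwd, capture_output=True, check=False)


def demo():
    """Runs both builders against an attacker-chosen filename (constructed).
    Returns {"unquoted": marker_created, "quoted": marker_created}."""
    base = tempfile.mkdtemp()
    marker = os.path.join(base, "pwned")           # proof that injection ran
    evil_name = f"report.txt; touch {marker}"      # constructed attacker filename
    results = {}
    for label, build in (("unquoted", remote_rm_unquoted), ("quoted", remote_rm_quoted)):
        if os.path.exists(marker):
            os.remove(marker)
        run_on_fake_remote(build([evil_name]), base)
        results[label] = os.path.exists(marker)
    return results


if __name__ == "__main__":
    print(remote_rm_unquoted(["a b; id"]))   # -> rm -rf -- a b; id
    print(remote_rm_quoted(["a b; id"]))     # -> rm -rf -- 'a b; id'
    print(demo())
```

Note that a local argv list (subprocess with a list and no shell) is not a fix on its own for this case: ssh joins its arguments into one string for the remote shell, so the quoting has to be shell quoting, applied per filename, as shlex.quote() does.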
CVE-2012-6656 (debian_linux, glibc, ubuntu_linux)
iconvdata/ibm930.c in GNU C Library (aka glibc) before 2.16 allows context-dependent attackers to cause a denial of service (out-of-bounds read) via a multibyte character value of “0xffff” to the iconv function when converting IBM930 encoded data to UTF-8.
CVE-2014-9292
Server-side request forgery (SSRF) vulnerability in proxy.php in the jRSS Widget plugin 1.2 and earlier for WordPress allows remote attackers to trigger outbound requests and enumerate open ports via the url parameter.
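Added example (not the jRSS Widget plugin's code, which is PHP): a proxy endpoint that fetches a caller-supplied url has to decide what it is willing to connect to before it connects. is_safe_target() below allowlists the scheme, pins the port (removing the port-enumeration primitive named in CVE-2014-9292), resolves the hostname, and rejects any answer that is loopback, private, link-local or otherwise non-global. The resolver is a parameter so the check can run offline against a constructed table; resolve_dns() is the real one and assumes network access. The sample URLs are constructed.

```python
"""Added example (not the plugin's code): destination validation for a
user-supplied URL before a server-side fetch."""
import ipaddress
import socket
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https"}   # file://, gopher://, ftp:// give other primitives
ALLOWED_PORTS = {None, 80, 443}       # anything else turns the proxy into a port scanner


def resolve_dns(host):
    """Real resolver: every A/AAAA answer for host (assumes network access)."""
    return {info[4][0] for info in socket.getaddrinfo(host, None)}


def _is_global(addr_text):
    addr = ipaddress.ip_address(addr_text)
    mapped = getattr(addr, "ipv4_mapped", None)   # ::ffff:127.0.0.1 is still loopback
    if mapped is not None:
        addr = mapped
    return addr.is_global   # False for loopback, RFC1918, link-local, 0.0.0.0/8, ...


def is_safe_target(url, resolve=resolve_dns):
    """True only if every address the URL can reach is a public one on 80/443."""
    parts = urlsplit(url)
    if parts.scheme.lower() not in ALLOWED_SCHEMES:
        return False
    host = parts.hostname
    if not host:
        return False
    try:
        if parts.port not in ALLOWED_PORTS:
            return False
    except ValueError:          # non-numeric port in the authority
        return False
    try:
        addrs = {str(ipaddress.ip_address(host))}   # IP literal: no DNS involved
    except ValueError:
        try:
            addrs = resolve(host)
        except OSError:         # NXDOMAIN / resolver failure: do not fetch
            return False
    if not addrs:
        return False
    # Every answer must be global: a name with one public and one 127.0.0.1
    # record is the classic pivot, so a single bad answer rejects the URL.
    return all(_is_global(a) for a in addrs)


if __name__ == "__main__":
    table = {"feed.example": {"93.184.216.34"},
             "rebind.example": {"93.184.216.34", "127.0.0.1"}}
    fake = lambda h: table.get(h, set())
    for u in ("http://feed.example/rss", "http://rebind.example/rss",
              "http://169.254.169.254/latest/meta-data/", "http://feed.example:22/",
              "file:///etc/passwd"):
        print(is_safe_target(u, resolve=fake), u)
```

Two caveats a proxy still has to handle after this check passes: resolve-then-fetch is itself a TOCTOU window (DNS rebinding), so the fetch should connect to the address that was validated and send the hostname in the Host header rather than resolving again; and every redirect hop is a new destination that must go back through the same check.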