Monthly Archives: January 2015
Republicans Make Plan To Preempt FCC On Net Neutrality
Sony Hack Was Good News For Insurers And Investors
Head Of Marine Forces Cyber Command To Lead DIA
Obama to call for longer hacking prison sentences with revised Computer Fraud and Abuse Act
President Barack Obama intends to persuade Congress to increase the sentence for hackers, as well as widen the definition of what hacking means, according to Ars Technica.
The post Obama to call for longer hacking prison sentences with revised Computer Fraud and Abuse Act appeared first on We Live Security.
Fedora EPEL 7 Security Update: thunderbird-31.4.0-1.el7
Resolved Bugs
1172386 – security update thunderbird for EPEL7
For a list of changes, see https://www.mozilla.org/en-US/thunderbird/31.4.0/releasenotes/
See https://www.mozilla.org/en-US/thunderbird/31.3.0/releasenotes/ for changes.
Fedora EPEL 7 Security Update: python-django-1.6.10-1.el7
Resolved Bugs
1179672 – CVE-2015-0219 Django: WSGI header spoofing via underscore/dash conflation
1181941 – CVE-2015-0219 python-django: Django: WSGI header spoofing via underscore/dash conflation [epel-7]
1179675 – CVE-2015-0220 Django: Mitigated possible XSS attack via user-supplied redirect URLs
1181945 – CVE-2015-0220 python-django: Django: Mitigated possible XSS attack via user-supplied redirect URLs [epel-7]
1179679 – CVE-2015-0221 Django: denial of service attack against django.views.static.serve
1181948 – CVE-2015-0221 python-django: Django: denial of service attack against django.views.static.serve [epel-7]
1181952 – CVE-2015-0222 python-django: Django: database denial of service with ModelMultipleChoiceField [epel-7]
1179685 – CVE-2015-0222 Django: database denial of service with ModelMultipleChoiceField
fix CVE-2015-0219 (rhbz#1181939)
update to 1.6.9
Marriott Agrees to Stop Blocking Guest WiFi Devices
Marriott, which last year paid a $600,000 fine for blocking customers’ WiFi devices in its hotels, has said that it no longer will prevent guests from using personal hotspots or similar devices. The situation resulted from a complaint by a guest who stayed at Marriott’s Gaylord Opryland hotel in 2013 and found that he couldn’t […]
CVE-2014-0171 (jboss_data_virtualization)
XML external entity (XXE) vulnerability in StaxXMLFactoryProvider2 in Odata4j, as used in Red Hat JBoss Data Virtualization before 6.0.0 patch 4, allows remote attackers to read arbitrary files via a crafted request to a REST endpoint.
CVE-2014-7811 (network_satellite, spacewalk)
Multiple cross-site scripting (XSS) vulnerabilities in Spacewalk and Red Hat Network (RHN) Satellite before 5.7.0 allow remote authenticated users to inject arbitrary web script or HTML via crafted XML data to the REST API.