What we have seen is that because of the way the requires are done, it is possible to update some of these without updating others. As an example, using normal tools like yum, you can do 'yum update nss-softokn' and that will allow an older version of nss-softokn-freebl (as an example) to still be installed.

This bug is not CentOS specific and an upstream bug is filed here:

https://bugzilla.redhat.com/show_bug.cgi?id=1182337

We are therefore going to re-release the packages as they are behaving as expected.

Thanks,
Johnny Hughes
Monthly Archives: January 2015
Re: CEBA-2015:0048 CentOS 6 nss-softokn BugFix Update
On 01/14/2015 02:11 PM, Johnny Hughes wrote:

Due to reports of this update causing issues for some users, we have withdrawn these packages from the centos mirror network as we investigate further.

--
Karanbir Singh, Project Lead, The CentOS Project
+44-207-0999389 | http://www.centos.org/ | twitter.com/CentOS
GnuPG Key : http://www.karan.org/publickey.asc
Skeleton Key Malware Opens Door to Espionage
The Skeleton Key malware bypasses single-factor authentication on Active Directory domain controllers and paves the way to stealthy cyberespionage.
MS14-080 CVE-2014-6365 Code
Posted by Diéyǔ on Jan 14
The attached file is exactly the code that I sent to
Microsoft Security Response Center “MSRC”
(Screenshot pictures are deleted)
Technical details were said in this post:
MS14-080 CVE-2014-6365 Technical Details Without “Nonsense”
(So I don’t repeat here)
The attached file is 4124 bytes.
The attached file contains html/php/txt.
(All readable by plain text editor)
Regards,
PS
I didn’t publish this in the first…
Mozilla Releases Security Updates for Firefox, Firefox ESR, SeaMonkey, and Thunderbird
Original release date: January 14, 2015
The Mozilla Foundation has released security updates to address multiple vulnerabilities in Firefox, Firefox ESR, SeaMonkey, and Thunderbird. Exploitation of these vulnerabilities may allow a remote attacker to take control of an affected system.
Updates available include:
- Firefox 35
- Firefox ESR 31.4
- SeaMonkey 2.32
- Thunderbird 31.4
Users and administrators are encouraged to review the Security Advisories for Firefox, Firefox ESR, SeaMonkey, and Thunderbird and apply the necessary updates.
CVE-2014-3314
Cisco AnyConnect on Android and OS X does not properly verify the host type, which allows remote attackers to spoof authentication forms and possibly capture credentials via unspecified vectors, aka Bug IDs CSCuo24931 and CSCuo24940.
CVE-2015-0577
Multiple cross-site scripting (XSS) vulnerabilities in the IronPort Spam Quarantine (ISQ) page in Cisco AsyncOS, as used on the Cisco Email Security Appliance (ESA) and Content Security Management Appliance (SMA), allow remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug IDs CSCus22925 and CSCup08113.
CVE-2015-0578
Cisco Adaptive Security Appliance (ASA) Software, when a DHCPv6 relay is configured, allows remote attackers to cause a denial of service (device reload) via crafted DHCP packets on the local network, aka Bug ID CSCur45455.
CVE-2015-0579
Cisco TelePresence Video Communication Server (VCS) and Cisco Expressway allow remote attackers to cause a denial of service (memory and CPU consumption, and partial outage) via crafted SIP packets, aka Bug ID CSCur12473.
CVE-2015-0583
Cisco WebEx Meeting Center does not properly restrict the content of URLs, which allows remote attackers to obtain sensitive information via vectors related to file: URIs, aka Bug ID CSCus18281.