Mandriva Linux Security Advisory 2015-003

If no authentication key is defined in the ntp.conf file, a cryptographically-weak default key is generated. ntp-keygen before 4.2.7p230 uses a non-cryptographic random number generator with a weak seed to generate symmetric keys. A remote unauthenticated attacker may craft special packets that trigger buffer overflows in the ntpd functions crypto_recv() (when using autokey authentication), ctl_putdata(), and configure(). The resulting buffer overflows may be exploited to allow arbitrary malicious code to be executed with the privilege of the ntpd process. A section of code in ntpd that handles a rare error is missing a return statement, so processing does not stop when the error is encountered. This situation may be exploitable by an attacker. The ntp package has been patched to fix these issues.
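The weak-seed key generation issue described in the advisory above, shown beside a hardened form. This is an added illustration, not code from ntp-keygen or from the advisory: a constructed LCG stands in for the non-cryptographic generator, and the function names, key length and sample seed are assumptions.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define KEY_LEN 16 /* assumed key length for this illustration */

/* Weak pattern: a non-cryptographic generator (constructed LCG) seeded from a
 * guessable value. Every key byte is a pure function of the 32-bit seed. */
static void weak_keygen(uint32_t seed, uint8_t key[KEY_LEN])
{
    uint32_t state = seed;
    for (size_t i = 0; i < KEY_LEN; i++) {
        state = state * 1103515245u + 12345u;
        key[i] = (uint8_t)(state >> 16);
    }
}

/* Hardened pattern: every key byte comes from the kernel CSPRNG; 0 on success. */
static int strong_keygen(uint8_t key[KEY_LEN])
{
    FILE *f = fopen("/dev/urandom", "rb");
    if (f == NULL) return -1;
    size_t got = fread(key, 1, KEY_LEN, f);
    fclose(f);
    return got == KEY_LEN ? 0 : -1; /* never accept a partially filled key */
}

/* Returns 1 when two runs with the same seed give the same key (predictable). */
static int weak_key_repeats(uint32_t seed)
{
    uint8_t a[KEY_LEN], b[KEY_LEN];
    weak_keygen(seed, a);
    weak_keygen(seed, b);
    return memcmp(a, b, KEY_LEN) == 0;
}

/* Returns 1 when two CSPRNG keys differ, 0 when equal, -1 on read failure. */
static int strong_keys_differ(void)
{
    uint8_t a[KEY_LEN], b[KEY_LEN];
    if (strong_keygen(a) != 0 || strong_keygen(b) != 0) return -1;
    return memcmp(a, b, KEY_LEN) != 0;
}

int main(void)
{
    /* 1420070400 is a constructed sample seed (a Unix timestamp). */
    printf("weak key repeats for a fixed seed: %d\n", weak_key_repeats(1420070400u));
    printf("CSPRNG keys differ: %d\n", strong_keys_differ());
    return 0;
}
```

The weak key carries no more entropy than its seed, however long the key is; the hardened form depends only on the operating system's random source.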

AVG Named Business Solutions Best Channel Vendor 2015

AMSTERDAM and SAN FRANCISCO – January 5, 2015 – AVG Technologies N.V. (NYSE: AVG), the online security company™ for 188 million active users, today announced it has been selected by Business Solutions Magazine (BSM) as a 2015 Best Channel Vendor in the Network Security category. The annual poll of Value Added Resellers (VARs) and BSM subscribers rated vendor partners in seven categories including service/support, channel friendly, product features, product reliability, channel program, product innovation and VAR margins.

“We are thrilled our industry partners have voted us Best Channel Vendor,” said Francois Daumard, VP Global Channel Sales, AVG Technologies. “2015 marks the start of a pivotal year for us as we work to make the Channel appreciate the new face of AVG Business. Still not enough partners truly understand the transition that has been taking place within AVG Business. Thanks to AVG Business Managed Workplace® we are first and foremost today a remote monitoring and management (RMM) applications vendor. Crucially, as business applications move towards an increasingly integrated future, the only established network security Channel vendor that is fully focused on integrated cloud and mobile applications development.”

Throughout 2014 AVG Business has continued to invest significantly in support of industry partners including holding its first Annual Partner Cloud Summit, introducing a new product portfolio, expanding its international distribution footprint and hiring some recognized industry big-hitters to head up its Global Channel Sales and Marketing teams.

Best Channel Vendor 2015 is the latest of many recent accolades for AVG that include recognition by Virus Bulletin’s VB100 for products and the 2014 MSPmentor 250 for excellence in managed services leadership and expertise.

During fall 2014, BSM partnered with Penn State University to conduct a Web-based survey capturing significant data from active VAR subscribers. A total of 8,848 validated votes were cast, continuing the tradition of one of the largest and most detailed surveys of its kind. Scores were tallied by BSM editorial staff using methodology provided by Penn State.

The full list of 2015 Best Channel Vendors appears in a special report in Business Solutions Magazine’s January issue.


About AVG Technologies (NYSE: AVG)

AVG is the online security company providing leading software and services to secure devices, data and people. AVG has over 188 million active users, as of September 30, 2014, using AVG’s products and services including Internet security, performance optimization, and personal privacy and identity protection. By choosing AVG’s products, users become part of a trusted global community that engages directly with AVG to provide feedback and offer mutual support to other customers.

All trademarks are the property of their respective owners.

www.avg.com


Contacts:

US

Holly Luka

Waggener Edstrom for AVG

+1 (415) 547 7054

 

UK

Paul Shlackman

PR Manager, SMB & Channel

+44 (0)7792 121510

ASUSWRT 3.0.0.4.376_1071 LAN Backdoor Command Execution

ASUSWRT version 3.0.0.4.376_1071 suffers from a remote command execution vulnerability. A service called “infosvr” listens on port 9999 on the LAN bridge. Normally this service is used for device discovery by the “ASUS Wireless Router Device Discovery Utility”, but it also contains a feature that allows an unauthenticated user on the LAN to execute commands of 237 bytes or fewer as root. The source code is in asuswrt/release/src/router/infosvr; “iboxcom.h” is in asuswrt/release/src/router/shared.