Resolved Bugs
1181045 – CVE-2015-1191 pigz: directory traversal vulnerability
1181047 – pigz: directory traversal vulnerability [epel-all]
Update to 2.3.3, fixes CVE-2015-1191:
– Return zero exit code when only warnings are issued
– Increase speed of unlzw (Unix compress decompression)
– Update zopfli to current google state
– Allow larger maximum blocksize (-b), now 512 MiB
– Do not require that -d precede -N, -n, -T options
– Strip any path from header name for -dN or -dNT
– Remove use of PATH_MAX (PATH_MAX is not reliable)
– Do not abort on inflate data error, do remaining files
– Check gzip header CRC if present
– Improve decompression error detection and reporting
Monthly Archives: January 2015
ZeroCMS 1.3.3 SQL Injection
ZeroCMS versions 1.3.3 and below suffer from a remote SQL injection vulnerability.
CEBA-2015:0106 CentOS 6 libvirt BugFix Update
CentOS Errata and Bugfix Advisory 2015:0106 Upstream details at: https://rhn.redhat.com/errata/RHBA-2015-0106.html The following updated files have been uploaded and are currently syncing to the mirrors:
DzHack Event 2015 Call For Papers
The DzHack Event 2015 Call For Papers has been announced. It is a security event that will be held May 9, 2015 at the CBA Sonelgaz Training Center – Benaknoun, Algiers, Algeria. The event will contain conferences, workshops, and a challenge (CTF).
Bugtraq: ESA-2015-006: EMC Avamar Missing Certificate Validation Vulnerability
Bugtraq: [SECURITY] [DSA 3146-1] requests security update
Bugtraq: [SECURITY] [DSA 3147-1] openjdk-6 security update
Bugtraq: [security bulletin] HPSBOV03226 rev.2 – HP TCP/IP Services for OpenVMS, BIND 9 Server Resolver, Multiple Remote Vulnerabilities
SIPhone Enterprise PBX SQL Injection
SIPhone Enterprise PBX suffers from a remote SQL injection vulnerability that allows for authentication bypass.
RHBA-2015:0106-1: libvirt bug fix update
Red Hat Enterprise Linux: Updated libvirt packages that fix one bug are now available for Red Hat Enterprise Linux 6.