FancyFon FAMOC version 3.16.5 suffers from a remote SQL injection vulnerability.
Monthly Archives: January 2015
Qualys Security Advisory – glibc gethostbyname Buffer Overflow
Qualys Security Advisory – During a code audit performed internally at Qualys, they discovered a buffer overflow in the __nss_hostname_digits_dots() function of the GNU C Library (glibc). This bug is reachable both locally and remotely via the gethostbyname*() functions, so they decided to analyze it — and its impact — thoroughly, and named this vulnerability “GHOST”.
Red Hat Security Advisory 2015-0092-01
Red Hat Security Advisory 2015-0092-01 – The glibc packages provide the standard C libraries, POSIX thread libraries, standard math libraries, and the Name Server Caching Daemon used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. A heap-based buffer overflow was found in glibc’s __nss_hostname_digits_dots() function, which is used by the gethostbyname() and gethostbyname2() glibc function calls. A remote attacker able to make an application call either of these functions could use this flaw to execute arbitrary code with the permissions of the user running the application.
SEANux 1.0 Remote Code Execution
The Syrian Electronic Army SEANux Linux distro version 1.0 suffers from a remote code execution vulnerability.
WebKitGTK+ DoS / Code Execution / Bypass
The WebKitGTK+ 2.4 series suffers from buffer overflow, code execution, memory corruption, sandbox bypass, and denial of service vulnerabilities.
D-Link DSL-2740R Unauthenticated Remote DNS Change
Exploit for remotely changing DNS settings on the D-Link DSL-2740R router.
0x90 International Cyber Security Summit 2015 Call For Papers
The 0x90 International Cyber Security Conference has announced its Call For Papers. It will be held March 14th, 2015 in Chennai.
Red Hat Security Advisory 2015-0091-01
Red Hat Security Advisory 2015-0091-01 – Red Hat JBoss Data Grid is a distributed in-memory data grid, based on Infinispan. This release of Red Hat JBoss Data Grid 6.4.0 serves as a replacement for Red Hat JBoss Data Grid 6.3.1. It includes various bug fixes and enhancements, which are detailed in the Red Hat JBoss Data Grid 6.4.0 Release Notes.
Debian Security Advisory 3141-1
Debian Linux Security Advisory 3141-1 – Multiple vulnerabilities were discovered in the dissectors/parsers for SSL/TLS and DEC DNA, which could result in denial of service.
Debian Security Advisory 3142-1
Debian Linux Security Advisory 3142-1 – Several vulnerabilities have been fixed in eglibc, Debian’s version of the GNU C library.