Fedora EPEL 6 Security Update: seamonkey-2.28-3.ESR_31.4.0.el6

January 24, 2015 007admin

Update to the codebase of Extended Support Release (ESR) 31.4.0
Fixes various security issues, see https://www.mozilla.org/security/known-vulnerabilities/firefoxESR.html and https://www.mozilla.org/security/known-vulnerabilities/thunderbird.html for more info

Fedora

Fedora EPEL 6 Security Update: polarssl-1.3.2-4.el6

January 24, 2015 007admin

Resolved Bugs
1184030 – CVE-2015-1182 polarssl: remote attack using crafted certificates [epel-all]
1184028 – CVE-2015-1182 polarssl: remote attack using crafted certificates<br
– Fix for CVE-2015-1182

Fedora

Fedora EPEL 6 Security Update: puppetlabs-stdlib-4.5.1-1.20150121git7a91f20.el6

January 24, 2015 007admin

Resolved Bugs
1182578 – CVE-2015-1029 puppetlabs-stdlib: local information leakage and local privilege escalation vulnerability
1182580 – CVE-2015-1029 puppetlabs-stdlib: local information leakage and local privilege escalation vulnerability [epel-all]<br
Security fix for CVE-2015-1029

Fedora

Fedora EPEL 5 Security Update: polarssl-1.3.2-4.el5

January 24, 2015 007admin

Security Focus

Bugtraq: [HITB-Announce] #HITB2015AMS Call for Papers 1st Round is Closing in 10 Days

January 24, 2015 007admin

[HITB-Announce] #HITB2015AMS Call for Papers 1st Round is Closing in 10 Days

Security Focus

Bugtraq: REWTERZ-20140101 – ManageEngine ServiceDesk SQL Injection Vulnerability

January 24, 2015 007admin

REWTERZ-20140101 – ManageEngine ServiceDesk SQL Injection Vulnerability

Security Focus

Bugtraq: REWTERZ-20140102 – ManageEngine ServiceDesk Plus User Enumeration Vulnerability

January 24, 2015 007admin

REWTERZ-20140102 – ManageEngine ServiceDesk Plus User Enumeration Vulnerability

Security Focus

Bugtraq: Fwd: REWTERZ-20140103 – ManageEngine ServiceDesk Plus User Privileges Management Vulnerability

January 24, 2015 007admin

Fwd: REWTERZ-20140103 – ManageEngine ServiceDesk Plus User Privileges Management Vulnerability

Security

IC3 Releases Alert for a Scam Targeting Businesses

January 24, 2015 007admin

Original release date: January 24, 2015

The Internet Crime Complaint Center (IC3) has released an alert warning companies of a sophisticated wire payment scam dubbed the Business E-mail Compromise. Scammers use fraudulent information to trick companies into directing financial transactions into accounts they control.

Users are encouraged to review the IC3 Scam Alert for details and refer to the US-CERT Tip ST04-014 for information on social engineering and phishing attacks.

This product is provided subject to this Notification and this Privacy & Use policy.

Debian

DSA-3137 websvn – security update

January 23, 2015 007admin

James Clawson discovered that websvn, a web viewer for Subversion
repositories, would follow symlinks in a repository when presenting a
file for download. An attacker with repository write access could
thereby access any file on disk readable by the user the webserver
runs as.

007 Software

Monthly Archives: January 2015

Fedora EPEL 6 Security Update: seamonkey-2.28-3.ESR_31.4.0.el6

Fedora EPEL 6 Security Update: polarssl-1.3.2-4.el6

Fedora EPEL 6 Security Update: puppetlabs-stdlib-4.5.1-1.20150121git7a91f20.el6

Fedora EPEL 5 Security Update: polarssl-1.3.2-4.el5

Bugtraq: [HITB-Announce] #HITB2015AMS Call for Papers 1st Round is Closing in 10 Days

Bugtraq: REWTERZ-20140101 – ManageEngine ServiceDesk SQL Injection Vulnerability

Bugtraq: REWTERZ-20140102 – ManageEngine ServiceDesk Plus User Enumeration Vulnerability

Bugtraq: Fwd: REWTERZ-20140103 – ManageEngine ServiceDesk Plus User Privileges Management Vulnerability

IC3 Releases Alert for a Scam Targeting Businesses

DSA-3137 websvn – security update

Software and Security Information