Resolved Bugs
1183632 – CVE-2013-6892 websvn: arbitrary file access when downloads enabled for users with commit access
1183633 – CVE-2013-6892 websvn: arbitrary file access when downloads enabled for users with commit access [fedora-all]
Security fix for CVE-2013-6892
Monthly Archives: January 2015
Fedora 21 Security Update: clamav-0.98.6-1.fc21
Resolved Bugs
1187050 – CVE-2014-9328 clamav: heap out of bounds condition with crafted upack packer files
1187051 – CVE-2014-9328 clamav: heap out of bounds condition with crafted upack packer files [fedora-all]
1186634 – new version available upstream
ClamAV 0.98.6
=============
ClamAV 0.98.6 is a bug fix release correcting the following:
* library shared object revisions.
* installation issues on some Mac OS X and FreeBSD platforms.
* includes a patch from Sebastian Andrzej Siewior making ClamAV pid files compatible with systemd.
* Fix a heap out of bounds condition with crafted Yoda’s crypter files. This issue was discovered by Felix Groebert of the Google Security Team.
* Fix a heap out of bounds condition with crafted mew packer files. This issue was discovered by Felix Groebert of the Google Security Team.
* Fix a heap out of bounds condition with crafted upx packer files. This issue was discovered by Kevin Szkudlapski of Quarkslab.
* Fix a heap out of bounds condition with crafted upack packer files. This issue was discovered by Sebastian Andrzej Siewior. CVE-2014-9328.
* Compensate a crash due to incorrect compiler optimization when handling crafted petite packer files. This issue was discovered by Sebastian Andrzej Siewior.
Q4 DDoS attacks up 90% on previous quarter
The number of distributed denial-of-service attacks on websites in the final quarter of 2014 was up 90 percent on the previous quarter, according to research from Akamai Technologies.
The post Q4 DDoS attacks up 90% on previous quarter appeared first on We Live Security.
Threatpost News Wrap, January 30, 2015
Dennis Fisher and Mike Mimoso discuss the Ghost glibc vulnerability and its repercussions, the Apple iOS and OSX patches, the link between the Regin APT platform and the NSA. Plus Super Bowl predictions!
US military explores ‘cognitive fingerprints’ as alternative to passwords
Sky News reports that the United States military is investing heavily in new identity verification techniques that could replace passwords and biometric solutions for security.
The post US military explores ‘cognitive fingerprints’ as alternative to passwords appeared first on We Live Security.
Army Research Lab Releases Dshell Forensics Framework
The U.S. Army has released to open source an internal forensics analysis framework that the Army Research Lab has been using for some time. The framework, known as Dshell, is a Python tool that runs on Linux and is designed to help analysts investigate compromises within their environments. The goal in open sourcing the framework […]
Kaspersky Lab Launches Secure QR Scanner
Fedora EPEL 7 Security Update: php-extras-5.4.16-3.el7
Mcrypt:
* Fixed possible read after end of buffer and use after free.
Fedora EPEL 5 Security Update: websvn-2.3.3-8.el5
Fedora EPEL 7 Security Update: clamav-0.98.6-1.el7
Resolved Bugs
1187050 – CVE-2014-9328 clamav: heap out of bounds condition with crafted upack packer files
1187052 – CVE-2014-9328 clamav: heap out of bounds condition with crafted upack packer files [epel-all]
1186634 – new version available upstream
ClamAV 0.98.6
=============
ClamAV 0.98.6 is a bug fix release correcting the following:
* library shared object revisions.
* installation issues on some Mac OS X and FreeBSD platforms.
* includes a patch from Sebastian Andrzej Siewior making ClamAV pid files compatible with systemd.
* Fix a heap out of bounds condition with crafted Yoda’s crypter files. This issue was discovered by Felix Groebert of the Google Security Team.
* Fix a heap out of bounds condition with crafted mew packer files. This issue was discovered by Felix Groebert of the Google Security Team.
* Fix a heap out of bounds condition with crafted upx packer files. This issue was discovered by Kevin Szkudlapski of Quarkslab.
* Fix a heap out of bounds condition with crafted upack packer files. This issue was discovered by Sebastian Andrzej Siewior. CVE-2014-9328.
* Compensate a crash due to incorrect compiler optimization when handling crafted petite packer files. This issue was discovered by Sebastian Andrzej Siewior.