====================================================
Product: Easy Social Icons WordPress plugin
Vendor: CyberNetikz
Tested Version: 1.2.2
Vulnerability Type: XSS [CWE-79] and CSRF [CWE-352]
Risk Level: Medium
Solution Status: Solved in version 1.2.3
Discovered and Provided: Eric Flokstra – ITsec Security Services
====================================================
[-] About the Vendor:
Easy Social Icons is a WordPress plugin and can be used to…
Resolved Bugs
1188869 – CVE-2014-5352 CVE-2014-9421 CVE-2014-9423 CVE-2014-9422 krb5: various flaws [fedora-all]
1179856 – CVE-2014-5352 krb5: gss_process_context_token() incorrectly frees context (MITKRB5-SA-2015-001)
1179857 – CVE-2014-9421 krb5: kadmind doubly frees partial deserialization results (MITKRB5-SA-2015-001)
1179861 – CVE-2014-9422 krb5: kadmind incorrectly validates server principal name (MITKRB5-SA-2015-001)
1179863 – CVE-2014-9423 krb5: libgssrpc server applications leak uninitialized bytes (MITKRB5-SA-2015-001)
1145425 – CVE-2014-5351 krb5: current keys returned when randomizing the keys for a service principal
1145426 – CVE-2014-5351 krb5: current keys returned when randomizing the keys for a service principal [fedora-all]
Security fix for CVE-2014-5352, CVE-2014-9421, CVE-2014-9422, CVE-2014-9423
Security fix for CVE-2014-5351
Jiri Horner discovered a way to cause xdg-open, a tool that automatically
opens URLs in a user’s preferred application, to execute arbitrary
commands remotely.
Pierrick Caillon discovered that authentication could be bypassed in
the TYPO3 content management system. Please refer to the upstream
advisory for additional information: