Directory traversal vulnerability in Pivotal Spring Framework 3.x before 3.2.9 and 4.0 before 4.0.5 allows remote attackers to read arbitrary files via a crafted URL.
Monthly Archives: February 2015
TrueCrypt Audit Stirs Back To Life
The organizers of the TrueCrypt audit expect the cryptanalysis of the open source encryption software to begin shortly; phase two will be handled by NCC Group’s Cryptography Services practice.
CEBA-2015:0239 CentOS 6 bacula FASTTRACK BugFix Update
CentOS Errata and Bugfix Advisory 2015:0239 Upstream details at: https://rhn.redhat.com/errata/RHBA-2015-0239.html The following updated files have been uploaded and are currently syncing to the mirrors.
CEBA-2015:0245 CentOS 6 resource-agents BugFix Update
CentOS Errata and Bugfix Advisory 2015:0245
Upstream details at: https://rhn.redhat.com/errata/RHBA-2015-0245.html
The following updated files have been uploaded and are currently syncing to the mirrors: ( sha256sum Filename )
i386:
7b58c2f6d8a969dbef9cad7891d6dc954cce975c38d8f79f3e8b686db4bf323d resource-agents-3.9.5-12.el6_6.4.i686.rpm
x86_64:
8b8f1c276c1bead587dca1315832a6cf3fc8fa17e0b1ec849873a0a0da33a940 resource-agents-3.9.5-12.el6_6.4.x86_64.rpm
f9a8ca9603308e441aa638100e8a6dc62e6949832165106ae5dfbf9fac7b7ee1 resource-agents-sap-3.9.5-12.el6_6.4.x86_64.rpm
Source:
9cb570f24c7706e768ce53f78400ab531ab7aa6f3eb1bb8ce75ce52bf069557f resource-agents-3.9.5-12.el6_6.4.src.rpm
CEBA-2015:0240 CentOS 6 at FASTTRACK BugFix Update
CentOS Errata and Bugfix Advisory 2015:0240
Upstream details at: https://rhn.redhat.com/errata/RHBA-2015-0240.html
The following updated files have been uploaded and are currently syncing to the mirrors: ( sha256sum Filename )
i386:
74722015232f25343dd37af315fb12a75d2a9a3f28a934b6a63cd37b9a177f83 at-3.1.10-48.el6.i686.rpm
x86_64:
1ee32b22836d4364457be8480e974c0ac395a0525b5e1a847f3dd78dcd3bee4e at-3.1.10-48.el6.x86_64.rpm
Source:
1ed3b094ee9c07a067ac1b7a36a4b5350cfceab5e76b155a0b9bfa0513c44732 at-3.1.10-48.el6.src.rpm
CEBA-2015:0244 CentOS 6 busybox BugFix Update
CentOS Errata and Bugfix Advisory 2015:0244
Upstream details at: https://rhn.redhat.com/errata/RHBA-2015-0244.html
The following updated files have been uploaded and are currently syncing to the mirrors: ( sha256sum Filename )
i386:
8a65b7fef64f6cf48889b896f6a47c0ed4503b0ec7aeed2b2515972ededcd1b7 busybox-1.15.1-21.el6_6.i686.rpm
c01c8f78c58ebe47136902d76f959f2ccb5da9414e72511445711ef8983cc33d busybox-petitboot-1.15.1-21.el6_6.i686.rpm
x86_64:
68189894c6f04cc2862e4c37f03d191e7eee3c2a72e412203e1b8ee93e0e9599 busybox-1.15.1-21.el6_6.x86_64.rpm
2acdc4229d7fa197fea79c072129e1b9e200694d9d08db9e3fea054f0f244eb9 busybox-petitboot-1.15.1-21.el6_6.x86_64.rpm
Source:
68a8fe0335f9ba1fc6905cd66259bd9b953e5b0c86555bd7101e047ed7114972 busybox-1.15.1-21.el6_6.src.rpm
Debian Security Advisory 3162-1
Debian Linux Security Advisory 3162-1 – Jan-Piet Mens discovered that the BIND DNS server would crash when processing an invalid DNSSEC key rollover, either due to an error on the zone operator’s part, or due to interference with network traffic by an attacker. This issue affects configurations with the directives “dnssec-validation auto;” (as enabled in the Debian default configuration) or “dnssec-lookaside auto;”.
Debian Security Advisory 3163-1
Debian Linux Security Advisory 3163-1 – It was discovered that LibreOffice, an office productivity suite, could try to write to invalid memory areas when importing malformed RTF files. This could allow remote attackers to cause a denial of service (crash) or arbitrary code execution via crafted RTF files.
4images Cross Site Scripting / Clickjacking
4images suffers from cross site scripting and clickjacking vulnerabilities.
Mediafire Open Redirect
Mediafire suffered from an open redirect vulnerability.