Resolved Bugs
1190864 – libhtp: denial of service under memory stress
1190866 – libhtp: denial of service under memory stress [fedora-all]
Backport an upstream patch to fix a security issue.
Monthly Archives: February 2015
DSA-3162 bind9 – security update
Jan-Piet Mens discovered that the BIND DNS server would crash when
processing an invalid DNSSEC key rollover, either due to an error on
the zone operator’s part, or due to interference with network traffic
by an attacker. This issue affects configurations with the directives
“dnssec-validation auto;” (as enabled in the Debian default
configuration) or “dnssec-lookaside auto;”.
Vuln: X.Org X Server CVE-2013-6424 Local Denial of Service Vulnerability
Vuln: X.Org X Server 'xkb/xkb.c' Information Disclosure Vulnerability
Vuln: Siemens SIMATIC WinCC and PCS7 CVE-2014-4686 Privilege Escalation Vulnerability
Vuln: Siemens SIMATIC WinCC TIA Portal Man in the Middle Information Disclosure Vulnerability
Red Hat Security Advisory 2015-0235-01
Red Hat Security Advisory 2015-0235-01 – Red Hat JBoss BRMS is a business rules management system for the management, storage, creation, modification, and deployment of JBoss Rules. This roll up patch serves as a cumulative upgrade for Red Hat JBoss BRMS 6.0.3, and includes bug fixes and enhancements. It includes various bug fixes, which are listed in the README file included with the patch files.
Red Hat Security Advisory 2015-0234-01
Red Hat Security Advisory 2015-0234-01 – Red Hat JBoss BPM Suite is a business rules and processes management system for the management, storage, creation, modification, and deployment of JBoss rules and BPMN2-compliant business processes. This roll up patch serves as a cumulative upgrade for Red Hat JBoss BPM Suite 6.0.3, and includes bug fixes and enhancements. It includes various bug fixes, which are listed in the README file included with the patch files.
Gentoo Linux Security Advisory 201502-13
Gentoo Linux Security Advisory 201502-13 – Multiple vulnerabilities have been found in Chromium, the worst of which can allow remote attackers to cause Denial of Service or gain escalated privileges. Versions less than 40.0.2214.111 are affected.
Tracking Malware That Uses DNS for Exfiltration
Attackers have long used distributed denial-of-service attacks to knock domain-name servers offline, but over the last several months malware creators have taken to using DNS requests to tunnel stolen data.