Red Hat Enterprise Linux: Updated sendmail packages that fix one bug are now available for Red Hat
Enterprise Linux 5.
Monthly Archives: March 2015
Yahoo Bypasses Standard Passwords With Smartphone Code
Mozilla Peers Into Processes With Student-Built Forensics Probe
A Cyber War Staged In Central London
Cops Freaked Out Congress May Impose License Plate Reader Limits
CVE-2014-9687 (ecryptfs-utils)
eCryptfs 104 and earlier uses a default salt to encrypt the mount passphrase, which makes it easier for attackers to obtain user passwords via a brute force attack.
CVE-2015-0778 (opensuse, opensuse_osc)
osc before 0.151.0 allows remote attackers to execute arbitrary commands via shell metacharacters in a _service file.
USN-2531-1: Requests vulnerability
Ubuntu Security Notice USN-2531-1
16th March, 2015
requests vulnerability
A security issue affects these releases of Ubuntu and its
derivatives:
- Ubuntu 14.10
- Ubuntu 14.04 LTS
Summary
Requests could be made to expose cookies over the network.
Software description
- requests – elegant and simple HTTP library for Python
Details
Matthew Daley discovered that Requests incorrectly handled cookies without
host values when being redirected. A remote attacker could possibly use
this issue to perform session fixation or cookie stealing attacks.
Update instructions
The problem can be corrected by updating your system to the following
package version:
- Ubuntu 14.10:
  - python3-requests 2.3.0-1ubuntu0.1
  - python-requests 2.3.0-1ubuntu0.1
- Ubuntu 14.04 LTS:
  - python3-requests 2.2.1-1ubuntu0.2
  - python-requests 2.2.1-1ubuntu0.2
To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.
In general, a standard system update will make all the necessary changes.
USN-2533-1: Sudo vulnerability
Ubuntu Security Notice USN-2533-1
16th March, 2015
sudo vulnerability
A security issue affects these releases of Ubuntu and its
derivatives:
- Ubuntu 14.10
- Ubuntu 14.04 LTS
- Ubuntu 12.04 LTS
- Ubuntu 10.04 LTS
Summary
Sudo would allow unintended access to files.
Software description
- sudo – Provide limited super user privileges to specific users
Details
Jakub Wilk and Stephane Chazelas discovered that Sudo incorrectly handled
the TZ environment variable. An attacker with Sudo access could possibly
use this issue to open arbitrary files, bypassing intended permissions.
Update instructions
The problem can be corrected by updating your system to the following
package version:
- Ubuntu 14.10:
  - sudo-ldap 1.8.9p5-1ubuntu2.1
  - sudo 1.8.9p5-1ubuntu2.1
- Ubuntu 14.04 LTS:
  - sudo-ldap 1.8.9p5-1ubuntu1.1
  - sudo 1.8.9p5-1ubuntu1.1
- Ubuntu 12.04 LTS:
  - sudo-ldap 1.8.3p1-1ubuntu3.7
  - sudo 1.8.3p1-1ubuntu3.7
- Ubuntu 10.04 LTS:
  - sudo-ldap 1.7.2p1-1ubuntu5.8
  - sudo 1.7.2p1-1ubuntu5.8
To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.
In general, a standard system update will make all the necessary changes.