USN-2532-1: cups-filters vulnerability

Ubuntu Security Notice USN-2532-1

16th March, 2015

cups-filters vulnerability

A security issue affects these releases of Ubuntu and its
derivatives:

  • Ubuntu 14.10
  • Ubuntu 14.04 LTS

Summary

cups-filters could be made to run programs if it received specially crafted
network traffic.

Software description

  • cups-filters
    – OpenPrinting CUPS Filters

Details

It was discovered that cups-browsed incorrectly filtered remote printer
names and strings. A remote attacker could use this issue to possibly
execute arbitrary commands.

Update instructions

The problem can be corrected by updating your system to the following
package version:

Ubuntu 14.10:
  • cups-browsed 1.0.61-0ubuntu2.1

Ubuntu 14.04 LTS:
  • cups-browsed 1.0.52-0ubuntu1.4

To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.

References

CVE-2015-2265

Fedora EPEL 7 Security Update: nx-libs-3.5.0.29-1.el7

Update to 3.5.0.29:
– further reduction of code size by Mike Gabriel
– ~/.x2go/config/keystrokes.cfg, /etc/x2go/keystrokes.cfg and
/etc/nxagent/keystrokes.cfg are now respected thanks to Horst Schirmeier
– security fixes for CVE-2011-2895, CVE-2011-4028, CVE-2013-4396,
CVE-2013-6462, CVE-2014-0209, CVE-2014-0210, CVE-2014-0211,
CVE-2014-8092, CVE-2014-8097, CVE-2014-8095, CVE-2014-8096,
CVE-2014-8099, CVE-2014-8100, CVE-2014-8102, CVE-2014-8101,
CVE-2014-8093, CVE-2014-8098, CVE-2015-0255 by Michael DePaulo
– other (build) bug fixes
Update to 3.5.0.28:
o Fix non-working Copy+Paste into some rootless Qt applications when Xfixes extension is enabled in NX. Thanks to Ulrich Sibiller!
o Adapt X11 launchd socket path for recent Mac OS X versions.
o Fix Xinerama on Debian/Ubuntu installation (only worked on systems that had dpkg-dev installed) and all RPM based distros.
o Partly make nxcomp aware of nx-libs’s four-digit version string. Thanks to Nito Martinez from TheQVD project!
– Fix unowned directories
– Minor cleanup

Fedora EPEL 6 Security Update: nx-libs-3.5.0.29-1.el6

Update to 3.5.0.29:
– further reduction of code size by Mike Gabriel
– ~/.x2go/config/keystrokes.cfg, /etc/x2go/keystrokes.cfg and
/etc/nxagent/keystrokes.cfg are now respected thanks to Horst Schirmeier
– security fixes for CVE-2011-2895, CVE-2011-4028, CVE-2013-4396,
CVE-2013-6462, CVE-2014-0209, CVE-2014-0210, CVE-2014-0211,
CVE-2014-8092, CVE-2014-8097, CVE-2014-8095, CVE-2014-8096,
CVE-2014-8099, CVE-2014-8100, CVE-2014-8102, CVE-2014-8101,
CVE-2014-8093, CVE-2014-8098, CVE-2015-0255 by Michael DePaulo
– other (build) bug fixes
Update to 3.5.0.28:
o Fix non-working Copy+Paste into some rootless Qt applications when Xfixes extension is enabled in NX. Thanks to Ulrich Sibiller!
o Adapt X11 launchd socket path for recent Mac OS X versions.
o Fix Xinerama on Debian/Ubuntu installation (only worked on systems that had dpkg-dev installed) and all RPM based distros.
o Partly make nxcomp aware of nx-libs’s four-digit version string. Thanks to Nito Martinez from TheQVD project!
– Fix unowned directories
– Minor cleanup

CEBA-2015:0687 CentOS 6 ncurses FASTTRACK BugFixUpdate

CentOS Errata and Bugfix Advisory 2015:0687 

Upstream details at : https://rhn.redhat.com/errata/RHBA-2015-0687.html

The following updated files have been uploaded and are currently 
syncing to the mirrors: ( sha256sum Filename ) 




CEBA-2015:0685 CentOS 6 ppp FASTTRACK BugFixUpdate

CentOS Errata and Bugfix Advisory 2015:0685 

Upstream details at : https://rhn.redhat.com/errata/RHBA-2015-0685.html

The following updated files have been uploaded and are currently 
syncing to the mirrors: ( sha256sum Filename ) 




CEBA-2015:0688 CentOS 5 ksh BugFix Update

CentOS Errata and Bugfix Advisory 2015:0688 

Upstream details at : https://rhn.redhat.com/errata/RHBA-2015-0688.html

The following updated files have been uploaded and are currently 
syncing to the mirrors: ( sha256sum Filename ) 

i386:
469c5c0ac37a37580d39afcdcfd3def1673d3d441c36d9e1b0e66989946495cd  ksh-20100621-24.el5_11.i386.rpm

x86_64:
42b9c012d966f83ecc46c58217c8f9a233342b1d7bd5308a32bc26bea9ae916b  ksh-20100621-24.el5_11.x86_64.rpm

Source:
c69aed39ffa55c263b784176afe2d540265c3c16b990b37a63fe3f02643d2683  ksh-20100621-24.el5_11.src.rpm



CEBA-2015:0684 CentOS 5 sendmail BugFix Update

CentOS Errata and Bugfix Advisory 2015:0684 

Upstream details at : https://rhn.redhat.com/errata/RHBA-2015-0684.html

The following updated files have been uploaded and are currently 
syncing to the mirrors: ( sha256sum Filename ) 




Avira In Free Security Package By Deutsche Telekom

At CeBIT in Hanover, T-Systems CEO Reinhard Clemens said: “Customers are often unsure when it comes to security software. Since the Snowden revelations, they are also anxious and asking for a ‘made in Germany’ protection solution. Deutsche Telekom wants to make it easy for as many people as possible to secure their smartphones and computers. That is why we are expanding our existing offering to include an easy-to-install package version from Germany.”

Our very own Avira Antivirus will take care of the security part of said package and protect your Windows PCs and Macs, smartphones and tablets with the iOS and Android operating systems, and servers and networks against malware, using an integrated real-time scanner. Thanks to its cloud-based scanning, Avira Antivirus achieves unparalleled security and lightning-fast performance. Of course, it also reliably scans your downloads, folders, and hard disks.

“Avira Browser Safety” will be included in the package as well. The browser extension protects personal information when surfing the internet and blocks malicious websites as well as tracking by advertising networks, so that they can no longer track what a user is searching for or purchasing online.

The free offering is available to download with the market launch in the second quarter this year at www.telekom.de/schutzpaket. A premium version of the offering with additional functions is planned.

The post Avira In Free Security Package By Deutsche Telekom appeared first on Avira Blog.