Debian Linux Security Advisory 3186-1 – It was discovered that the Mozilla Network Security Service library (nss) incorrectly handled certain ASN.1 lengths. A remote attacker could possibly use this issue to perform a data-smuggling attack.
Monthly Archives: March 2015
Mandriva Linux Security Advisory 2015-058
Mandriva Linux Security Advisory 2015-058 – Multiple vulnerabilities have been found and corrected in the Linux kernel. The Crypto API in the Linux kernel before 3.18.5 allows local users to load arbitrary kernel modules via a bind system call for an AF_ALG socket with a module name in the salg_name field, a different vulnerability than CVE-2014-9644. arch/x86/kvm/vmx.c in the KVM subsystem in the Linux kernel before 3.17.2 on Intel processors does not ensure that the value in the CR4 control register remains the same after a VM entry, which allows host OS users to kill arbitrary processes or cause a denial of service by leveraging /dev/kvm access, as demonstrated by PR_SET_TSC prctl calls within a modified copy of QEMU. Various other issues have also been addressed. The updated packages provide a solution for these security issues.
[ MDVSA-2015:061 ] qemu
Mandriva Linux Security Advisory MDVSA-2015:061
http://www.mandriva.com/en/support/security/

Package : qemu
Date : March 13, 2015
Affected: Business Server 2.0

Problem Description:

Updated qemu packages fix multiple security vulnerabilities:

Sibiao Luo discovered that QEMU incorrectly handled device hot-unplugging. A local user could possibly use this flaw to cause a denial of service (CVE-2013-4377).

Michael S. Tsirkin discovered that QEMU incorrectly handled vmxnet3 devices. A local guest could possibly use this issue to cause a denial of service, or possibly execute arbitrary code on the host (CVE-2013-4544).

Multiple integer overflow, input validation, logic error, and buffer overflow flaws
Google Leaks Whois Data For 280,000 Domains
Psssst: Wanna Buy A Used Spy Domain?
Terror Test Tasks Hackers With Saving London From Hacked Battleship
Swedish U-Turn On Assange Questioning
Nuke Maker's Traffic Hijacked Through Ukraine
[ MDVSA-2015:060 ] yaml
Mandriva Linux Security Advisory MDVSA-2015:060
http://www.mandriva.com/en/support/security/

Package : yaml
Date : March 13, 2015
Affected: Business Server 2.0

Problem Description:

Updated yaml packages fix security vulnerabilities:

Florian Weimer of the Red Hat Product Security Team discovered a heap-based buffer overflow flaw in LibYAML, a fast YAML 1.1 parser and emitter library. A remote attacker could provide a YAML document with a specially-crafted tag that, when parsed by an application using libyaml, would cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application (CVE-2013-6393).

Ivan Fratric of the Google Security Team di
Obama administration seeks more power to tackle botnets
The Obama administration wants greater power to shut down botnets, responding to the growing threat of cybercrime and increasingly complex, modern techniques.
The post Obama administration seeks more power to tackle botnets appeared first on We Live Security.