Cross-site scripting (XSS) vulnerability in the contents function in admin/helpers.py in Django before 1.7.6 and 1.8 before 1.8b2 allows remote attackers to inject arbitrary web script or HTML via a model attribute in ModelAdmin.readonly_fields, as demonstrated by a @property.
Monthly Archives: March 2015
CVE-2015-2285
The logrotation script (/etc/cron.daily/upstart) in the Ubuntu Upstart package before 1.13.2-0ubuntu9, as used in Ubuntu Vivid 15.04, allows local users to execute arbitrary commands and gain privileges via a crafted file in /run/user/*/upstart/sessions/.
RHSA-2015:0674-1: Important: kernel security and bug fix update
Red Hat Enterprise Linux: Updated kernel packages that fix multiple security issues and several bugs
are now available for Red Hat Enterprise Linux 6.
Red Hat Product Security has rated this update as having Important security
impact. Common Vulnerability Scoring System (CVSS) base scores, which give
detailed severity ratings, are available for each vulnerability from the
CVE links in the References section.
CVE-2014-7822, CVE-2014-8159, CVE-2014-8160, CVE-2014-8369
RHBA-2015:0677-1: qemu-kvm-rhev bug fix update
Red Hat Enterprise Linux: Updated qemu-kvm-rhev packages that fix two bugs.
RHBA-2015:0676-1: mlocate bug fix update
Red Hat Enterprise Linux: Updated mlocate packages that fix several bugs are now available for Red Hat
Enterprise Linux 6.
The immortality of data (and people) in the digital age
In the future, everything around us will be managed by data, and those who have data will have power. So, will anonymity be possible (or desirable)?
The post The immortality of data (and people) in the digital age appeared first on We Live Security.
Obama Administration Seeks More Legal Power to Disrupt Botnets
The federal government is seeking more legal power to step in and shut down botnets through an amendment to the existing criminal law, which would allow the Department of Justice to obtain injunctions to disrupt these malicious networks. The Obama administration has proposed an amendment to existing United States federal law that would give it […]
USN-2525-1: Linux kernel vulnerability
Ubuntu Security Notice USN-2525-1
12th March, 2015
linux vulnerability
A security issue affects these releases of Ubuntu and its
derivatives:
- Ubuntu 10.04 LTS
Summary
The system could be made to crash or run programs as an administrator.
Software description
- linux – Linux kernel
Details
It was discovered that the Linux kernel’s Infiniband subsystem did not
properly sanitize its input parameters while registering memory regions
from userspace. A local user could exploit this flaw to cause a denial of
service (system crash) or to potentially gain administrative privileges.
Update instructions
The problem can be corrected by updating your system to the following
package version:
- Ubuntu 10.04 LTS:
  - linux-image-2.6.32-73-lpia: 2.6.32-73.141
  - linux-image-2.6.32-73-powerpc64-smp: 2.6.32-73.141
  - linux-image-2.6.32-73-generic-pae: 2.6.32-73.141
  - linux-image-2.6.32-73-sparc64: 2.6.32-73.141
  - linux-image-2.6.32-73-generic: 2.6.32-73.141
  - linux-image-2.6.32-73-virtual: 2.6.32-73.141
  - linux-image-2.6.32-73-ia64: 2.6.32-73.141
  - linux-image-2.6.32-73-powerpc-smp: 2.6.32-73.141
  - linux-image-2.6.32-73-versatile: 2.6.32-73.141
  - linux-image-2.6.32-73-386: 2.6.32-73.141
  - linux-image-2.6.32-73-powerpc: 2.6.32-73.141
  - linux-image-2.6.32-73-server: 2.6.32-73.141
  - linux-image-2.6.32-73-sparc64-smp: 2.6.32-73.141
  - linux-image-2.6.32-73-preempt: 2.6.32-73.141
To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.
After a standard system update you need to reboot your computer to make
all the necessary changes.
USN-2526-1: Linux kernel vulnerability
Ubuntu Security Notice USN-2526-1
12th March, 2015
linux vulnerability
A security issue affects these releases of Ubuntu and its
derivatives:
- Ubuntu 12.04 LTS
Summary
The system could be made to crash or run programs as an administrator.
Software description
- linux – Linux kernel
Details
It was discovered that the Linux kernel’s Infiniband subsystem did not
properly sanitize its input parameters while registering memory regions
from userspace. A local user could exploit this flaw to cause a denial of
service (system crash) or to potentially gain administrative privileges.
Update instructions
The problem can be corrected by updating your system to the following
package version:
- Ubuntu 12.04 LTS:
  - linux-image-3.2.0-77-omap: 3.2.0-77.114
  - linux-image-3.2.0-77-powerpc64-smp: 3.2.0-77.114
  - linux-image-3.2.0-77-powerpc-smp: 3.2.0-77.114
  - linux-image-3.2.0-77-generic-pae: 3.2.0-77.114
  - linux-image-3.2.0-77-generic: 3.2.0-77.114
  - linux-image-3.2.0-77-virtual: 3.2.0-77.114
  - linux-image-3.2.0-77-highbank: 3.2.0-77.114
To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.
After a standard system update you need to reboot your computer to make
all the necessary changes.
USN-2527-1: Linux kernel (Trusty HWE) vulnerability
Ubuntu Security Notice USN-2527-1
12th March, 2015
linux-lts-trusty vulnerability
A security issue affects these releases of Ubuntu and its
derivatives:
- Ubuntu 12.04 LTS
Summary
The system could be made to crash or run programs as an administrator.
Software description
- linux-lts-trusty – Linux hardware enablement kernel from Trusty
Details
It was discovered that the Linux kernel’s Infiniband subsystem did not
properly sanitize its input parameters while registering memory regions
from userspace. A local user could exploit this flaw to cause a denial of
service (system crash) or to potentially gain administrative privileges.
Update instructions
The problem can be corrected by updating your system to the following
package version:
- Ubuntu 12.04 LTS:
  - linux-image-3.13.0-46-generic-lpae: 3.13.0-46.79~precise1
  - linux-image-3.13.0-46-generic: 3.13.0-46.79~precise1
To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.
After a standard system update you need to reboot your computer to make
all the necessary changes.