Monthly Archives: April 2015
Keep your Software Updated and Secure – Kim Komando Blog
White House Hack May Be Linked to Russia, Researchers Say – Motherboard Vice
Globalizing The Fight Against Cybercrime – Forbes
Can JPMorgan Chase, Citi, others protect customer data from cybercriminals? – Crain's New York
CEEA-2015:0913 CentOS 6 tzdata Enhancement Update
CentOS Errata and Enhancement Advisory 2015:0913
Upstream details at : https://rhn.redhat.com/errata/RHEA-2015-0913.html
The following updated files have been uploaded and are currently syncing to the mirrors: ( sha256sum Filename )
i386:
17d079889c081ec38565a95ed34c0d5063b643d97d79da7f421ee423d324f547 tzdata-2015d-1.el6.noarch.rpm
29c5ce7a9f8b50743ee0d1d665525a2110eb6d6cc9a6e86289614d1b6b34fa34 tzdata-java-2015d-1.el6.noarch.rpm
x86_64:
17d079889c081ec38565a95ed34c0d5063b643d97d79da7f421ee423d324f547 tzdata-2015d-1.el6.noarch.rpm
29c5ce7a9f8b50743ee0d1d665525a2110eb6d6cc9a6e86289614d1b6b34fa34 tzdata-java-2015d-1.el6.noarch.rpm
Source:
36b196f2a6dd2f589917ae18efc38dab3b36849075569f1d0406533add310161 tzdata-2015d-1.el6.src.rpm
One in Five DDoS Attacks Last For Days or Even Weeks
Stored XSS in ebay messages
Posted by Jaanus on Apr 28
http://jaanuskp.blogspot.com/2015/04/stored-xss-in-ebay-messages-filenames.html
There is a vulnerability in ebay that allows XSS attacks to be sent over the
messages. Ebay has not managed to fix it in more than a year!
libarchive – Out of bounds read using malformed cpio archive
Posted by Paris Zoumpouloglou on Apr 28
== Background ==
libarchive is a library for manipulating different streaming archive
formats, including certain tar variants, several cpio formats, and both
BSD and GNU ar variants.
== Affected software ==
bsdtar
== Version ==
All tests were performed using commit
296efb3db188fa4bf7b0e7b5c61d404f9145f0ab
== Description ==
Initial fuzzing was performed using afl-fuzzer
Using a crafted tar file bsdtar can perform an out-of-bounds memory…
Wing FTP Server Admin 4.4.5 CSRF & XSS Vulnerabilities
Posted by John Page on Apr 28
Document Title:
===============
Wing FTP Server Admin 4.4.5 – CSRF & Cross Site Scripting Vulnerabilities
Release Date:
=============
2015-04-28
apparitionsec ID (AS-ID):
====================================
AS-WFTP0328
Common Vulnerability Scoring System:
====================================
Overall CVSS Score 8.9
Product:
===============================
Wing FTP Server is a Web based administration FTP client that supports
following…