Resolved Bugs
1207741 – CVE-2015-2752 xen: long latency MMIO mapping operations are not preemptible (xsa125) [fedora-all]
1207738 – CVE-2015-2756 xen: unmediated PCI command register access in qemu (xsa126) [fedora-all]
1203737 – CVE-2015-2756 xen: unmediated PCI command register access in qemu (xsa126)
1207739 – CVE-2015-2751 xen: certain domctl operations may be abused to lock up the host [fedora-all]
1203732 – CVE-2015-2752 xen: long latency MMIO mapping operations are not preemptible (xsa125)
1203745 – CVE-2015-2751 xen: certain domctl operations may be abused to lock up the host
Long latency MMIO mapping operations are not preemptible [XSA-125, CVE-2015-2752]
Unmediated PCI command register access in qemu [XSA-126, CVE-2015-2756]
Certain domctl operations may be abused to lock up the host [XSA-127, CVE-2015-2751]
update to xen-4.3.4
Monthly Archives: April 2015
Fedora 20 Security Update: mingw-libtasn1-3.8-2.fc20
Fedora 21 Security Update: firefox-37.0-2.fc21
Update to latest upstream – 37.0
Google clean-up targets malicious ad injectors
Google has received more than 100,000 complaints this year regarding unwanted ad injectors that have infected browsers.
The post Google clean-up targets malicious ad injectors appeared first on We Live Security.
[ MDVSA-2015:191 ] owncloud
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2015:191
http://www.mandriva.com/en/support/security/
_______________________________________________________________________
Package : owncloud
Date : April 1, 2015
Affected: Business Server 2.0
_______________________________________________________________________
Problem Description:
Multiple vulnerabilities have been discovered and corrected in owncloud:
* Multiple stored XSS in contacts application (oC-SA-2015-001)
* Multiple stored XSS in documents application (oC-SA-2015-002)
* Bypass of file blacklist (oC-SA-2015-004)
The updated packages have been upgraded to the 7.0.5 version where these security flaws have been fixed.
_______________________________________________________________________
References:
https://owncloud.org/changelog/
https://owncloud.org/security/advisory/?id=oc-sa-2015
[ MDVSA-2015:190 ] owncloud
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2015:190
http://www.mandriva.com/en/support/security/
_______________________________________________________________________
Package : owncloud
Date : April 1, 2015
Affected: Business Server 1.0
_______________________________________________________________________
Problem Description:
Multiple vulnerabilities have been discovered and corrected in owncloud:
* Login bypass when using user_ldap due to unauthenticated binds (oC-SA-2014-020)
* Login bypass when using the external FTP user backend (oC-SA-2014-022)
* CSRF in bookmarks application (oC-SA-2014-027)
* Stored XSS in bookmarks application (oC-SA-2014-028)
* Multiple stored XSS in contacts application (oC-SA-2015-001)
* Multiple stored XSS in documents application (oC-SA-2015-002)
* Bypass of file blacklist (oC-SA-2015-004)
The upd
[ MDVA-2015:004 ] openldap
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Advisory MDVA-2015:004
http://www.mandriva.com/en/support/security/
_______________________________________________________________________
Package : openldap
Date : April 1, 2015
Affected: Business Server 2.0
_______________________________________________________________________
Problem Description:
The slapd service is stopped during the package upgrade to perform upgrade on the OpenLDAP DB. The service wasn't restarted after the upgrade if the service was running before. This update fixes this issue.
_______________________________________________________________________
Updated Packages:
Mandriva Business Server 2/X86_64:
d873f95de0118fc37153a0567ea2b7c6 mbs2/x86_64/lib64ldap2.4_2-2.4.40-1.1.mbs2.x86_64.rpm
2a1d58a3edd8c0607feca91ce3cf842a mbs2/x86_64/lib64ldap2.4_2-devel-2.4.40-1.1.mbs2.x86_64.rpm
6cb9f
Easter Social Media Safety: video guides
Despite the holiday season though, you can’t guarantee that hackers and cybercriminals won’t be on the hunt for weak and vulnerable social media slip-ups, so what better time to give a refresher on social media safety than now?
The post Easter Social Media Safety: video guides appeared first on We Live Security.
[ MDVSA-2015:189 ] tor
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2015:189
http://www.mandriva.com/en/support/security/
_______________________________________________________________________
Package : tor
Date : April 1, 2015
Affected: Business Server 1.0
_______________________________________________________________________
Problem Description:
Updated tor packages fix security vulnerabilities:
The tor package has been updated to version 0.2.4.26, which fixes possible crashes that may be remotely trigger-able, which would result in a denial of service, and also fixes a few other bugs. See the release announcement for details.
_______________________________________________________________________
References:
http://advisories.mageia.org/MGASA-2015-0124.html
_______________________________________________________________________
Updated Packages:
Mandriva Busi
[ MDVSA-2015:188 ] flac
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2015:188
http://www.mandriva.com/en/support/security/
_______________________________________________________________________
Package : flac
Date : April 1, 2015
Affected: Business Server 2.0
_______________________________________________________________________
Problem Description:
Multiple vulnerabilities have been discovered and corrected in flac:
Heap-based buffer overflow in stream_decoder.c in libFLAC before 1.3.1 allows remote attackers to execute arbitrary code via a crafted .flac file (CVE-2014-9028).
Stack-based buffer overflow in stream_decoder.c in libFLAC before 1.3.1 allows remote attackers to execute arbitrary code via a crafted .flac file (CVE-2014-8962).
The updated packages provide a solution for these security issues.
______________________________________________________________