Resolved Bugs
1116512 – Please update to 7.0
1213070 – testdisk-7.0 is available
1036410 – [abrt] testdisk-6.14-2.fc20: strcmp: Process /usr/bin/testdisk was killed by signal 11 (SIGSEGV)
1214681 – testdisk 7.x dependency issue<br
TestDisk 7.0 fixes several stack overflows. The new photorec is faster.
qphotorec is a qt4 version of PhotoRec.
Full release notes: http://www.cgsecurity.org/wiki/TestDisk_7.0_Release
Monthly Archives: April 2015
Fedora EPEL 6 Security Update: testdisk-7.0-2.el6
Resolved Bugs
1116512 – Please update to 7.0
1214681 – testdisk 7.x dependency issue
1213070 – testdisk-7.0 is available
1036410 – [abrt] testdisk-6.14-2.fc20: strcmp: Process /usr/bin/testdisk was killed by signal 11 (SIGSEGV)<br
TestDisk 7.0 fixes several stack overflows. The new photorec is faster.
qphotorec is a qt4 version of PhotoRec.
Full release notes: http://www.cgsecurity.org/wiki/TestDisk_7.0_Release
Fedora EPEL 6 Security Update: ikiwiki-3.20150329-1.el6
Fedora EPEL 7 Security Update: mingw-curl-7.42.0-1.el7
Fedora EPEL 7 Security Update: mingw-libtiff-4.0.3-6.el7
Resolved Bugs
1190712 – CVE-2015-1547 CVE-2014-9655 mingw-libtiff: various flaws [epel-7]<br
Fix CVE-2014-9655 and CVE-2015-1547
Fedora EPEL 5 Security Update: jasper-1.900.1-15.el5
Resolved Bugs
1170654 – CVE-2014-9029 jasper: incorrect component number check in COC, RGN and QCC marker segment decoders (oCERT-2014-009) [epel-5]
1173162 – CVE-2014-8138 jasper: heap overflow in jp2_decode() (oCERT-2014-012)
1179282 – CVE-2014-8157 jasper: dec->numtiles off-by-one check in jpc_dec_process_sot() (oCERT-2015-001)
1184752 – CVE-2014-8157 CVE-2014-8158 jasper: various flaws [epel-5]
1167537 – CVE-2014-9029 jasper: incorrect component number check in COC, RGN and QCC marker segment decoders (oCERT-2014-009)
1173157 – CVE-2014-8137 jasper: double-free in in jas_iccattrval_destroy() (oCERT-2014-012)
1175763 – CVE-2014-8138 CVE-2014-8137 jasper: various flaws [epel-5]
1179298 – CVE-2014-8158 jasper: unrestricted stack memory use in jpc_qmfb.c (oCERT-2015-001)<br
Fix various (mostly security related) flaws.
DSA-3236 libreoffice – security update
It was discovered that missing input sanitising in Libreoffice’s filter
for HWP documents may result in the execution of arbitrary code if a
malformed document is opened.
Fwknop Port Knocking Utility 2.6.6
fwknop implements an authorization scheme that requires only a single encrypted packet to communicate various pieces of information, including desired access through a Netfilter policy and/or specific commands to execute on the target system. The main application of this program is to protect services such as SSH with an additional layer of security in order to make the exploitation of vulnerabilities much more difficult. The authorization server works by passively monitoring authorization packets via libpcap.
WordPress WPshop eCommerce 1.3.9.5 Shell Upload
This Metasploit module exploits an arbitrary file upload in the WordPress WPshop eCommerce plugin versions 1.3.3.3 to 1.3.9.5. It allows you to upload arbitrary PHP code and get remote code execution. This Metasploit module has been tested successfully on WordPress WPshop eCommerce 1.3.9.5 with WordPress 4.1.3 on Ubuntu 14.04 Server.
Packet Fence 5.0.1
PacketFence is a network access control (NAC) system. It is actively maintained and has been deployed in numerous large-scale institutions. It can be used to effectively secure networks, from small to very large heterogeneous networks. PacketFence provides NAC-oriented features such as registration of new network devices, detection of abnormal network activities including from remote snort sensors, isolation of problematic devices, remediation through a captive portal, and registration-based and scheduled vulnerability scans.