Several vulnerabilities were discovered in cURL, a URL transfer library:
Monthly Archives: April 2015
Bugtraq: [SECURITY] [DSA 3231-1] subversion security update
Bugtraq: Stored Cross Site Scripting Vulnerability in Add Link to Facebook WordPress Plugin
Bugtraq: Reflected XSS Vulnerability In Manage Engine Firewall Analyzer
Bugtraq: Reflected XSS Vulnerability In Manage Engine Event Log Analyzer
Linux ASLR mmap weakness: Reducing entropy by half
Posted by Hector Marco-Gisbert on Apr 21
A bug in the Linux ASLR implementation has been found. The issue is that the mmap
base address for processes is not properly randomized on some architectures due
to an improper bit-mask manipulation. Affected systems have the mmap area
entropy of their processes reduced by half.
The number of possible locations is reduced by 50%, which for example will
reduce the cost of brute force attacks.
PowerPC, Sparc64 and ARM have 18 bits of entropy….
AMD Bulldozer Linux ASLR weakness: Reducing entropy by 87.5%
Posted by Hector Marco-Gisbert on Apr 21
A security issue in the Linux ASLR implementation which affects some AMD processors
has been found. The issue affects all Linux processes, even those that are not
using shared libraries (statically compiled).
The problem appears because some mmapped objects (VDSO, libraries, etc.) are
poorly randomized in an attempt to avoid cache aliasing penalties for AMD
Bulldozer (Family 15h) processors.
Affected systems have reduced the mmapped files entropy…
Microsoft Data Shows Drop in Remote Code Execution Bugs Being Exploited
SAN FRANCISCO–One of the downsides to being a software company with a huge customer base is that your products are going to be prime targets for attackers. But the flip side to that coin is that you’re going to gather a lot of data about vulnerabilities and attacks. Microsoft has been collecting that data for […]
Mozilla Releases Security Update for Firefox
Original release date: April 21, 2015
The Mozilla Foundation has released Firefox 37.0.2 to address a vulnerability that may allow a remote attacker to take control of an affected system.
US-CERT encourages users and administrators to review the Firefox Security Advisory and apply the necessary update.
RHSA-2015:0868-1: Important: qemu-kvm-rhev security and bug fix update
Red Hat Enterprise Linux: Updated qemu-kvm-rhev packages that fix one security issue and one bug are
now available for Red Hat Enterprise Virtualization.
Red Hat Product Security has rated this update as having Important security
impact. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available from the CVE link in the
References section.
CVE-2014-8106