Ubuntu Security Notice 2592-1 – Tilmann Haak discovered that XML::LibXML incorrectly handled the expand_entities parameter in certain situations. A remote attacker could possibly use this issue to access sensitive information.
Monthly Archives: May 2015
Mandriva Linux Security Advisory 2015-224
Mandriva Linux Security Advisory 2015-224 – The Ruby OpenSSL hostname matching implementation violates RFC 6125. The ruby packages for MBS2 have been updated to version 2.0.0-p645, which fixes this issue.
Rombertik Malware Can Overwrite MBR if Audited
Cisco Talos reports a new strain of spyware called Rombertik that escalates its anti-detection capabilities by destroying the Master Boot Record if the code is audited.
Google Updates Password Alert Extension, But Some Bypasses Still Work
For the second time in less than a week, Google has updated its Password Alert extension for Chrome to address a method for bypassing the warning screens that alert users that they’re entering data on a non-Google site. However, the researcher who discovered the most-recent bypass method said his technique still works on the latest […]
[ MDVA-2015:010 ] timezone
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________

Mandriva Linux Advisory                                   MDVA-2015:010
http://www.mandriva.com/en/support/security/
_______________________________________________________________________

Package : timezone
Date    : May 4, 2015
Affected: Business Server 1.0, Business Server 2.0
_______________________________________________________________________

Problem Description:

This is a maintenance and bugfix release that upgrades the timezone
data packages and the php-timezonedb packages to the 2015d version.
_______________________________________________________________________

Updated Packages:

Mandriva Business Server 1/X86_64:
1d493b57714e045b6ba324982191397e  mbs1/x86_64/timezone-2015d-1.mbs1.x86_64.rpm
f2073a5c328b90acbabc57bae0e1481b  mbs1/x86_64/timezone-java-2015d-1.mbs1.x86_64.rpm
e41aafa67d05f096cd21c7bfec1cb086  mbs1/SRPMS/timezone-2015d-1.mbs1.src.rpm
Mandr
Mandriva Linux Security Advisory 2015-222
Mandriva Linux Security Advisory 2015-222 – Emanuele Rocca discovered that ppp was subject to a buffer overflow when communicating with a RADIUS server. This would allow an unauthenticated attacker to cause a denial of service by crashing the daemon.
Debian Security Advisory 3249-1
Debian Linux Security Advisory 3249-1 – Shadowman131 discovered that jqueryui, a JavaScript UI library for dynamic web applications, failed to properly sanitize its “title” option. This would allow a remote attacker to inject arbitrary script through cross-site scripting.
Mandriva Linux Security Advisory 2015-221
Mandriva Linux Security Advisory 2015-221 – Multiple vulnerabilities have been found and corrected in clamav. The updated packages provide a solution for these security issues.
Debian Security Advisory 3247-1
Debian Linux Security Advisory 3247-1 – It was discovered that the Ruby OpenSSL extension, part of the interpreter for the Ruby language, did not properly implement hostname matching, in violation of RFC 6125. This could allow remote attackers to perform a man-in-the-middle attack via crafted SSL certificates.
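The Mandriva 2015-224 and Debian 3247-1 items above both describe the same defect: Ruby's OpenSSL extension accepted certificate names that RFC 6125 says a client should not match, so a certificate issued for one name could be presented for another. The following is an added example, not code from Ruby or from either distribution, that implements the RFC 6125 section 6.4.3 rules for comparing a presented identifier (a dNSName from the certificate) against the reference hostname: case-insensitive comparison, a wildcard only as part of the left-most label, at most one wildcard per name, no matching across label boundaries, no wildcard against an IDNA A-label, and no non-ASCII names (dNSName is an IA5String per RFC 5280). The module name `HostnameMatch` and the extra rule that a wildcard name needs at least three labels (so `*.com` never matches) are this example's own choices.

```ruby
# Added example: RFC 6125 section 6.4.3 hostname matching in pure Ruby.
# Not the Ruby OpenSSL extension's own code; no gems required.
module HostnameMatch
  module_function

  # presented: a dNSName value taken from the server certificate
  # reference: the hostname the client intended to connect to
  # Returns true only when the certificate name is valid for the host.
  def match?(presented, reference)
    # RFC 5280: dNSName is IA5String, so any non-ASCII name is rejected
    # outright rather than compared byte-wise.
    return false unless presented.ascii_only? && reference.ascii_only?
    return false if presented.empty? || reference.empty?

    # Matching is case-insensitive; a trailing dot is ignored.
    p_labels = presented.downcase.chomp(".").split(".", -1)
    r_labels = reference.downcase.chomp(".").split(".", -1)
    return false if p_labels.empty? || r_labels.empty?
    return false if p_labels.any?(&:empty?) || r_labels.any?(&:empty?)

    # Example's own policy: a wildcard name must carry at least three
    # labels, so "*" and "*.com" can never match anything.
    return false if p_labels.first.include?("*") && p_labels.size < 3

    # 6.4.3 item 2: "*.example.com" matches "foo.example.com" but not
    # "bar.foo.example.com" or "example.com"; label counts must agree.
    return false unless p_labels.size == r_labels.size

    # 6.4.3 item 1: a wildcard is only allowed in the left-most label,
    # so "foo.*.example.com" is never matched.
    return false if p_labels[1..-1].any? { |label| label.include?("*") }

    return false unless label_match?(p_labels.first, r_labels.first)
    p_labels[1..-1] == r_labels[1..-1]
  end

  # Compare the left-most labels, honouring a single "*" in the
  # presented label ("baz*.example.net" may match "baz1.example.net").
  def label_match?(p_label, r_label)
    return p_label == r_label unless p_label.include?("*")

    # More than one wildcard in a label is rejected.
    prefix, suffix, extra = p_label.split("*", -1)
    return false unless extra.nil?

    # 6.4.3 item 3: no wildcard matching against an IDNA A-label.
    return false if r_label.start_with?("xn--")

    # The wildcard must cover at least one character of the reference.
    return false unless r_label.length > prefix.length + suffix.length
    r_label.start_with?(prefix) && r_label.end_with?(suffix)
  end
end

if __FILE__ == $PROGRAM_NAME
  [["*.example.com", "foo.example.com"],
   ["*.example.com", "bar.foo.example.com"],
   ["*", "example.com"],
   ["foo.*.example.com", "foo.bar.example.com"]].each do |cert, host|
    puts "#{cert.ljust(20)} vs #{host.ljust(22)} => #{HostnameMatch.match?(cert, host)}"
  end
end
```

The first pair is the only one a client should accept; the other three are the kinds of names a permissive matcher lets through, which is what allows a man-in-the-middle to reuse a certificate issued for an unrelated host.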
Debian Security Advisory 3248-1
Debian Linux Security Advisory 3248-1 – It was discovered that missing input sanitizing in Snoopy, a PHP class that simulates a web browser, may result in the execution of arbitrary commands.