Red Hat Enterprise Linux: Red Hat Certificate System 8.1 Advanced Access is now available.
This update to Red Hat Certificate System fixes bugs and is meant as an errata
which is applied on top of Red Hat Certificate System 8.1.5.
Monthly Archives: May 2015
CVE-2015-0750
The administrative web interface in Cisco Hosted Collaboration Solution (HCS) 10.6(1) and earlier allows remote authenticated users to execute arbitrary commands via crafted input to unspecified fields, aka Bug ID CSCut02786.
USN-2617-2: NTFS-3G vulnerability
Ubuntu Security Notice USN-2617-2
22nd May, 2015
ntfs-3g vulnerability
A security issue affects these releases of Ubuntu and its
derivatives:
- Ubuntu 15.04
Summary
NTFS-3G could be made to overwrite files as the administrator.
Software description
- ntfs-3g
– read/write NTFS driver for FUSE
Details
USN-2617-1 fixed a vulnerability in FUSE. This update provides the
corresponding fix for the embedded FUSE copy in NTFS-3G.
Original advisory details:
Tavis Ormandy discovered that FUSE incorrectly filtered environment
variables. A local attacker could use this issue to gain administrative
privileges.
Update instructions
The problem can be corrected by updating your system to the following
package version:
- Ubuntu 15.04:
-
ntfs-3g
1:2014.2.15AR.3-1ubuntu0.1
To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.
In general, a standard system update will make all the necessary changes.
References
DSA-3271 nbd – security update
Tuomas Räsänen discovered that unsafe signal handling in nbd-server, the
server for the Network Block Device protocol, could allow remote
attackers to cause a deadlock in the server process and thus a denial of
service.
DSA-3272 ipsec-tools – security update
Javantea discovered a NULL pointer dereference flaw in racoon, the
Internet Key Exchange daemon of ipsec-tools. A remote attacker can use
this flaw to cause the IKE daemon to crash via specially crafted UDP
packets, resulting in a denial of service.
AIEngine 1.2
AIEngine is a packet inspection engine with capabilities of learning without any human intervention. It helps network/security professionals to identify traffic and develop signatures for use them on NIDS, Firewalls, Traffic classifiers and so on.
Debian Security Advisory 3270-1
Debian Linux Security Advisory 3270-1 – Several vulnerabilities have been found in PostgreSQL-9.4, a SQL database system.
TCPDF Library 5.9 Arbitrary File Deletion
TCPDF library versions 5.9 and below suffer from an arbitrary file deletion vulnerability via object injection.
Broken, Abandoned, and Forgotten Code, Part 5
Posted by Zach C on May 22
Part 5 is up. In this and the next several parts we start analyzing
the structure of Netgear R6200 firmware updates. We switch over to the
HTTP daemon because it’s less broken and a little easier to analyze
than upnpd.
The overall goal is to reverse engineer the firmware format so we can
generate a malicious firmware image to use when exploiting the
SetFirmware SOAP action described in parts 1-4.
Binary patching, emulating with QEMU, and…
call for paper(information retrieval, privacy)
Posted by Hongkai Wu on May 22
Workshop on Privacy-Preserving Information Retrieval, held in conjunction
with the ACM SIGIR conference (August 13, 2015; Santiago de Chile)
Submission Deadline: June 5, 2015.
Acceptance Notifications: June 15, 2015
Camera-ready Deadline: June 22, 2015
Workshop: August 13, 2015
Submission types: Long papers (max. 4 pages in ACM SIG format),
Position papers (max. 2 pages in ACM SIG format)
Workshop format: Keynote speech, paper presentations,…