Multiple cross-site scripting (XSS) vulnerabilities in EMC RSA Validation Manager (RVM) 3.2 before build 201 allow remote attackers to inject arbitrary web script or HTML via the (1) displayMode or (2) wrapPreDisplayMode parameter.
Monthly Archives: June 2015
Polish airline LOT grounded by ‘first attack of its kind’
Hackers are being blamed for an attack which grounded 1,400 passengers set to fly on Polish airline LOT.
The post Polish airline LOT grounded by ‘first attack of its kind’ appeared first on We Live Security.
CEBA-2015:1133 CentOS 6 cairo BugFix Update
CentOS Errata and Bugfix Advisory 2015:1133
Upstream details at: https://rhn.redhat.com/errata/RHBA-2015-1133.html
The following updated files have been uploaded and are currently syncing to the mirrors:
( sha256sum Filename )
i386:
9275eb925636fd986d77b2bbc91745d053b94cf6d8fa8791b54a7c5e5cc3abee cairo-1.8.8-6.el6_6.i686.rpm
abe7d1b152360a8ab0c91bdd080a6a5057c9596a5ddef7b95ce74b1e4b1c105f cairo-devel-1.8.8-6.el6_6.i686.rpm
x86_64:
9275eb925636fd986d77b2bbc91745d053b94cf6d8fa8791b54a7c5e5cc3abee cairo-1.8.8-6.el6_6.i686.rpm
dcdfc02d7980ed7c97f04223e98919281e1a5bd21eb31dc6e60e36102bbec4ab cairo-1.8.8-6.el6_6.x86_64.rpm
abe7d1b152360a8ab0c91bdd080a6a5057c9596a5ddef7b95ce74b1e4b1c105f cairo-devel-1.8.8-6.el6_6.i686.rpm
bd1fb7db77c53922d769305d8d60bd203c14ef7f9207df74e965db23963e8b88 cairo-devel-1.8.8-6.el6_6.x86_64.rpm
Source:
16844fe17f9da7685100214742f27d7ff47932c78f03be2c0981cfb29ce0d00c cairo-1.8.8-6.el6_6.src.rpm
CEBA-2015:1134 CentOS 6 nfs-utils-lib BugFix Update
CentOS Errata and Bugfix Advisory 2015:1134
Upstream details at: https://rhn.redhat.com/errata/RHBA-2015-1134.html
The following updated files have been uploaded and are currently syncing to the mirrors:
( sha256sum Filename )
i386:
e5e22dc879dc0793ef1d4bd425e2e15623d3baff7a9289c417b7ce60eff72792 nfs-utils-lib-1.1.5-9.el6_6.i686.rpm
a47ebfe9a778ba5b2129259d68c0ce73856dbba76a355efa7489cc51a5da6d77 nfs-utils-lib-devel-1.1.5-9.el6_6.i686.rpm
x86_64:
e5e22dc879dc0793ef1d4bd425e2e15623d3baff7a9289c417b7ce60eff72792 nfs-utils-lib-1.1.5-9.el6_6.i686.rpm
5bb674c27661a7d154e1d0ff8b0fc2f79b185c494c1f73393569f91fdf173662 nfs-utils-lib-1.1.5-9.el6_6.x86_64.rpm
a47ebfe9a778ba5b2129259d68c0ce73856dbba76a355efa7489cc51a5da6d77 nfs-utils-lib-devel-1.1.5-9.el6_6.i686.rpm
cb16b9767369b205fcdff818d9efd3796d29cc85bc9dc95674114643221fd178 nfs-utils-lib-devel-1.1.5-9.el6_6.x86_64.rpm
Source:
d643abd0a7956a7b5f51e96f4fbaf455233a7362a08980bc41b1997df19ea9b5 nfs-utils-lib-1.1.5-9.el6_6.src.rpm
Attack at LOT leaves 1,400 passengers stranded
The attack happened in the afternoon and targeted the Polish flag carrier LOT. According to a report from Reuters, “hackers attacked the airline ground computer systems used to issue flight plans”. The situation was resolved a few hours later. Nonetheless, 10 national and international flights had to be canceled and even more were delayed. Neither the planes nor the airport itself were affected, and no one was hurt. LOT took care to stress “that it has no influence on plane systems. Aircraft that are already airborne will continue their flights. Planes with flight plans already filed will return to Warsaw normally.”
The airline also made it clear that the airport itself was not affected. Once the ‘problem’ was fixed, LOT issued the following press release: “The situation after the IT attack on our ground operation system is already under control. We are working on restoring the regularity as soon as possible. Our operating center is already preparing flight plans. We will try to ensure that the largest number of passengers are informed and continue commenced journeys.”
Spokesman Kubicki said that LOT is using state-of-the-art computer systems, so this could potentially be a threat to others in the industry as well.
The post Attack at LOT leaves 1,400 passengers stranded appeared first on Avira Blog.
GeniXCMS 0.0.3 Cross Site Scripting
GeniXCMS version 0.0.3 suffers from reflected and persistent (stored) cross-site scripting vulnerabilities.
Fedora EPEL 7 Security Update: trafficserver-5.3.0-1.el7
Resolved Bugs
1103173 – trafficserver: insecure temporary file usage [fedora-all]
1103174 – trafficserver: insecure temporary file usage [epel-6]
1179205 – trafficserver: incorrect handling of “Max-Forwards” header [epel-7]
955127 – trafficserver package should be built with PIE flags
1102559 – Add AArch64 support to trafficserver
1179204 – trafficserver: incorrect handling of “Max-Forwards” header [fedora-21]
1133387 – CVE-2014-3525 trafficserver: unspecified flaw related to health checks fixed in versions 4.2.1.1 and 5.0.1 [epel-6]
994224 – trafficserver must be compiled with -fno-strict-aliasing, but it is not
https://cwiki.apache.org/confluence/display/TS/What%27s+New+in+v5.3.x
Fedora EPEL 6 Security Update: trafficserver-5.3.0-1.el6
Resolved Bugs
1102559 – Add AArch64 support to trafficserver
1133387 – CVE-2014-3525 trafficserver: unspecified flaw related to health checks fixed in versions 4.2.1.1 and 5.0.1 [epel-6]
1103173 – trafficserver: insecure temporary file usage [fedora-all]
1179205 – trafficserver: incorrect handling of “Max-Forwards” header [epel-7]
1179204 – trafficserver: incorrect handling of “Max-Forwards” header [fedora-21]
994224 – trafficserver must be compiled with -fno-strict-aliasing, but it is not
1103174 – trafficserver: insecure temporary file usage [epel-6]
955127 – trafficserver package should be built with PIE flags
https://cwiki.apache.org/confluence/display/TS/What%27s+New+in+v5.3.x
CEBA-2015:1129 CentOS 6 mysql BugFix Update
CentOS Errata and Bugfix Advisory 2015:1129
Upstream details at: https://rhn.redhat.com/errata/RHBA-2015-1129.html
The following updated files have been uploaded and are currently syncing to the mirrors:
( sha256sum Filename )
i386:
6a054b6d1c2e935099f6c132700800ecc0a7eb26fb2845f11b7dfb91d12837a1 mysql-5.1.73-5.el6_6.i686.rpm
df9217eccc375a1c482b7ab2b0b1695ba1eb80c3feddef7069201e83e15d1354 mysql-bench-5.1.73-5.el6_6.i686.rpm
8fd36b7f3fbaee040b8fadbfe6dfb2de842f46b0c5f9c91a8ee9fc7b8fae538b mysql-devel-5.1.73-5.el6_6.i686.rpm
32f292884a2cdf516f729877f388a7f15a4c2883a19baddf2a8da0c01be0c113 mysql-embedded-5.1.73-5.el6_6.i686.rpm
a6fa3a975508308abb1a3ba7d9ef013ecaf8ea1921e89cc8d7075c2726e30bb8 mysql-embedded-devel-5.1.73-5.el6_6.i686.rpm
df3c62f47d6e40ddc6d024b064d52935432a73920ddb04b51dae5f7a30dd2412 mysql-libs-5.1.73-5.el6_6.i686.rpm
822b359baf37f1d34a500db27bc57d570c2c29418a9cc98bfa07b089f3fbe22c mysql-server-5.1.73-5.el6_6.i686.rpm
9996917071126dc65bafc32f48daeaffcf258ebe715064f39df904f998fb4adf mysql-test-5.1.73-5.el6_6.i686.rpm
x86_64:
8f5711310198700f3d6e62f0a940d2835c40efd6eae8eebfa458923c21d403de mysql-5.1.73-5.el6_6.x86_64.rpm
596b55d760e50218163b6f7624bc2078fadc14a841dd46ffe707b8b68bd5d7d9 mysql-bench-5.1.73-5.el6_6.x86_64.rpm
8fd36b7f3fbaee040b8fadbfe6dfb2de842f46b0c5f9c91a8ee9fc7b8fae538b mysql-devel-5.1.73-5.el6_6.i686.rpm
65425f99abc4bc78e8f3686b2e2929487f86711e1d852ae25cd9ce49b0621f96 mysql-devel-5.1.73-5.el6_6.x86_64.rpm
32f292884a2cdf516f729877f388a7f15a4c2883a19baddf2a8da0c01be0c113 mysql-embedded-5.1.73-5.el6_6.i686.rpm
162ca8230d9765e02e2b1408ea4175c6cbd5ec995e563bbce1ca2d5df901ff9e mysql-embedded-5.1.73-5.el6_6.x86_64.rpm
a6fa3a975508308abb1a3ba7d9ef013ecaf8ea1921e89cc8d7075c2726e30bb8 mysql-embedded-devel-5.1.73-5.el6_6.i686.rpm
640c0b911f3506e7e514dc3d188c055609e9880d7f613072cb1614ec4cf58b5f mysql-embedded-devel-5.1.73-5.el6_6.x86_64.rpm
df3c62f47d6e40ddc6d024b064d52935432a73920ddb04b51dae5f7a30dd2412 mysql-libs-5.1.73-5.el6_6.i686.rpm
8d301fd399dd0cfe5e2dd8bce6d2436d04aa2b78278d0ae7b0c5ea4c4447a659 mysql-libs-5.1.73-5.el6_6.x86_64.rpm
6c9c7f112ab5997105d01aed40f649c4787a5114440ae591e6d32cffdf603ec6 mysql-server-5.1.73-5.el6_6.x86_64.rpm
9b1598c915608be22d1fdc49118949f8898ce1fd352b23f140e307af8c5bda74 mysql-test-5.1.73-5.el6_6.x86_64.rpm
Source:
af85adaca3f3464debd128940223e349dcbedd85d0bd956d9b9f0a6449a20787 mysql-5.1.73-5.el6_6.src.rpm
Ubuntu Patches Privilege-Escalation Bug
Several Ubuntu releases contain a privilege-escalation vulnerability: under certain conditions, the operating system fails to check permissions when users create files.