Resolved Bugs
1232973 – drupal7-feeds-2.0-alpha9 is available
https://www.drupal.org/project/cck
Monthly Archives: July 2015
Internet Systems Consortium (ISC) Releases Security Updates for BIND
Original release date: July 28, 2015
ISC has released security updates to address a vulnerability in BIND. Exploitation of this vulnerability may allow a remote attacker to cause a denial of service condition.
Updates available include:
- BIND 9-version 9.9.7-P2
- BIND 9-version 9.10.2-P3
Users and administrators are encouraged to review ISC Knowledge Base Article AA-01272 and apply the necessary updates.
This product is provided subject to this Notification and this Privacy & Use policy.
Fedora 21 Security Update: bzr-2.6.0-7.fc21
Fedora 22 Security Update: bzr-2.6.0-8.fc22
Fedora 21 Security Update: mantis-1.2.19-3.fc21
Resolved Bugs
1237199 – CVE-2015-5059 mantis: information disclosure due to too wide $g_view_proj_doc_threshold permission
1237200 – CVE-2015-5059 mantis: information disclosure due to too wide $g_view_proj_doc_threshold permission [fedora-all]
1237201 – CVE-2015-5059 mantis: information disclosure due to too wide $g_view_proj_doc_threshold permission [epel-all]
Security fix for CVE-2015-5059
Fedora 22 Security Update: mantis-1.2.19-3.fc22
Resolved Bugs
1237199 – CVE-2015-5059 mantis: information disclosure due to too wide $g_view_proj_doc_threshold permission
1237200 – CVE-2015-5059 mantis: information disclosure due to too wide $g_view_proj_doc_threshold permission [fedora-all]
1237201 – CVE-2015-5059 mantis: information disclosure due to too wide $g_view_proj_doc_threshold permission [epel-all]
Security fix for CVE-2015-5059
Fedora 21 Security Update: openssh-6.6.1p1-14.fc21
Fedora 22 Security Update: openssh-6.9p1-3.fc22
‘Stagefright’ Android Vulnerability
Original release date: July 28, 2015
Android devices running Android versions 2.2 through 5.1.1_r4 contain vulnerabilities in the Stagefright media playback engine. Exploitation of these vulnerabilities may allow an attacker to access multimedia files or potentially take control of a vulnerable device.
Users and administrators are encouraged to review Vulnerability Note VU#924951 for more information. US-CERT recommends affected Android users contact their wireless carrier or device manufacturer for a software update.
CSRF and XSS vulnerabilities in D-Link DCS-2103
Posted by MustLive on Jul 28
Hello list!
There are Cross-Site Request Forgery and Cross-Site Scripting
vulnerabilities in D-Link DCS-2103 (IP camera).
-------------------------
Affected products:
-------------------------
Vulnerable is the next model: D-Link DCS-2103, Firmware 1.0.0. Version 1.20
and previous versions also must be vulnerable.
----------
Details:
----------
Cross-Site Request Forgery (WASC-09):
CSRF vulnerabilities in all sections of admin panel. E.g….