SEC Consult SA-20150728-0 :: McAfee Application Control Multiple Vulnerabilities
Monthly Archives: July 2015
The NSA Will Destroy The Bulk Phone Records It Collected
LinkedIn Users Rebel After Personal Data Siphon Crimped
Cybercrime Forum Darkode Returns With Security, Admins Intact
AI Weapons Are A Threat To Humanity, Warn Hawking, Musk, And Wozniak
MD5: The broken algorithm
When you have to work with thousands of files per day, it is generally a good idea to generate a hash of a file that would identify it on a unique way. A hash function is any function that can be used to map digital data of arbitrary size to digital data of fixed size.
The post MD5: The broken algorithm appeared first on Avira Blog.
NSA Says It Will End Access to 215 Records in November
The National Security Agency says that once its legal authority to conduct Section 215 bulk telephone surveillance ends on Nov. 29, its analysts no longer will be allowed to access the database that holds all of the collected Section 215 records. In May, an appeals court ruled that bulk telephone metadata collection as performed by […]
RHSA-2015:1507-1: Important: qemu-kvm security and bug fix update
Red Hat Enterprise Linux: Updated qemu-kvm packages that fix two security issues and one bug are now
available for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having Important security
impact. Common Vulnerability Scoring System (CVSS) base scores, which give
detailed severity ratings, are available for each vulnerability from the
CVE links in the References section.
CVE-2015-3214, CVE-2015-5154
How do spammers get your email address?
For more tips on online security and privacy, check out the AVG Academy YouTube channel.
USN-2686-1: Apache HTTP Server vulnerabilities
Ubuntu Security Notice USN-2686-1
27th July, 2015
apache2 vulnerabilities
A security issue affects these releases of Ubuntu and its
derivatives:
- Ubuntu 15.04
- Ubuntu 14.04 LTS
- Ubuntu 12.04 LTS
Summary
Several security issues were fixed in the Apache HTTP server.
Software description
- apache2
– Apache HTTP server
Details
It was discovered that the Apache HTTP Server incorrectly parsed chunk
headers. A remote attacker could possibly use this issue to perform HTTP
request smuggling attacks. (CVE-2015-3183)
It was discovered that the Apache HTTP Server incorrectly handled the
ap_some_auth_required API. A remote attacker could possibly use this issue
to bypass intended access restrictions. This issue only affected Ubuntu
14.04 LTS and Ubuntu 15.04. (CVE-2015-3185)
Update instructions
The problem can be corrected by updating your system to the following
package version:
- Ubuntu 15.04:
-
apache2.2-bin
2.4.10-9ubuntu1.1
- Ubuntu 14.04 LTS:
-
apache2.2-bin
2.4.7-1ubuntu4.5
- Ubuntu 12.04 LTS:
-
apache2.2-bin
2.2.22-1ubuntu1.10
To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.
In general, a standard system update will make all the necessary changes.