Apple Security Advisory 2015-08-13-1 – Safari 8.0.8, Safari 7.1.8, and Safari 6.2.8 are now available and address interface spoofing, arbitrary code execution, and various other vulnerabilities.
Monthly Archives: August 2015
Red Hat Security Advisory 2015-1623-01
Red Hat Security Advisory 2015-1623-01 – The kernel packages contain the Linux kernel, the core of any Linux operating system. Two flaws were found in the way the Linux kernel’s networking implementation handled UDP packets with incorrect checksum values. A remote attacker could potentially use these flaws to trigger an infinite loop in the kernel, resulting in a denial of service on the system, or cause a denial of service in applications using the edge triggered epoll functionality.
Salesforce Patches XSS on a Subdomain
Salesforce.com patched a cross-site scripting vulnerability on one of its domains that could have led to phishing attacks.
Fedora EPEL 6 Security Update: php-twig-1.20.0-1.el6
Resolved Bugs
1249259 – php-twig-v1.20.0 is available
## 1.20.0 (2015-08-12)
* forbid access to the Twig environment from templates and internal parts of Twig_Template
* fixed limited RCEs when in sandbox mode
* deprecated Twig_Template::getEnvironment()
* deprecated the _self variable for usage outside of the from and import tags
* added Twig_BaseNodeVisitor to ease the compatibility of node visitors between 1.x and 2.x
## 1.19.0 (2015-07-31)
* fixed wrong error message when including an undefined template in a child template
* added support for variadic filters, functions, and tests
* added support for extra positional arguments in macros
* added ignore_missing flag to the source function
* fixed batch filter with zero items
* deprecated Twig_Environment::clearTemplateCache()
* fixed sandbox disabling when using the include function
Fedora EPEL 6 Security Update: zabbix20-2.0.15-1.el6
Resolved Bugs
1202602 – logrotate configuration uses ‘su’ option, which doesn’t exit on log rotate in CentOS 6.
1251728 – /etc/logrotate.d/zabbix-agent uses unsupported su option
1178878 – CVE-2014-9450 zabbix20: zabbix: SQL injection in chart_bar.php [epel-6]
http://www.zabbix.com/rn2.0.15.php
Remove the su directive, which was inadvertently introduced, from the logrotate configuration file.
Fedora EPEL 7 Security Update: php-twig-1.20.0-1.el7
Resolved Bugs
1249259 – php-twig-v1.20.0 is available
## 1.20.0 (2015-08-12)
* forbid access to the Twig environment from templates and internal parts of Twig_Template
* fixed limited RCEs when in sandbox mode
* deprecated Twig_Template::getEnvironment()
* deprecated the _self variable for usage outside of the from and import tags
* added Twig_BaseNodeVisitor to ease the compatibility of node visitors between 1.x and 2.x
## 1.19.0 (2015-07-31)
* fixed wrong error message when including an undefined template in a child template
* added support for variadic filters, functions, and tests
* added support for extra positional arguments in macros
* added ignore_missing flag to the source function
* fixed batch filter with zero items
* deprecated Twig_Environment::clearTemplateCache()
* fixed sandbox disabling when using the include function
Fedora EPEL 7 Security Update: zabbix20-2.0.15-1.el7
Resolved Bugs
1178880 – CVE-2014-9450 zabbix20: zabbix: SQL injection in chart_bar.php [epel-7]
www.zabbix.com/rn2.0.15.php
Zero Day in Android’s Google Admin App Can Bypass Sandbox
The Android security team at Google is having a busy month. First the Stagefright vulnerabilities surfaced last month just before Black Hat and now researchers at MWR Labs have released information on an unpatched vulnerability that allows an attacker to bypass the Android sandbox. The vulnerability lies in the way that the Google Admin application […]
Bugtraq: Cisco Unified Communications Manager Multiple Vulnerabilities (VP2015-001)
Bugtraq: Re: Windows Platform Binary Table (WPBT) – BIOS PE backdoor