HP Version Control Repository Manager (VCRM) before 7.5.0 allows remote authenticated users to execute arbitrary code or cause a denial of service via unspecified vectors.
Monthly Archives: August 2015
CVE-2015-5411
HP Version Control Repository Manager (VCRM) before 7.5.0 allows remote authenticated users to obtain sensitive information via unspecified vectors.
CVE-2015-5412
Cross-site request forgery (CSRF) vulnerability in HP Version Control Repository Manager (VCRM) before 7.5.0 allows remote authenticated users to hijack the authentication of unspecified victims via unknown vectors.
CVE-2015-5413
HP Version Control Repository Manager (VCRM) before 7.5.0 allows remote authenticated users to gain privileges and obtain sensitive information via unspecified vectors.
USN-2722-1: GDK-PixBuf vulnerability
Ubuntu Security Notice USN-2722-1
26th August, 2015
gdk-pixbuf vulnerability
A security issue affects these releases of Ubuntu and its
derivatives:
- Ubuntu 15.04
- Ubuntu 14.04 LTS
- Ubuntu 12.04 LTS
Summary
GDK-PixBuf could be made to crash or run programs as your login if it
opened a specially crafted file.
Software description
- gdk-pixbuf – GDK Pixbuf library
Details
Gustavo Grieco discovered that GDK-PixBuf incorrectly handled scaling
bitmap images. If a user or automated system were tricked into opening a
BMP image file, a remote attacker could use this flaw to cause GDK-PixBuf
to crash, resulting in a denial of service, or possibly execute arbitrary
code.
Update instructions
The problem can be corrected by updating your system to the following
package version:
- Ubuntu 15.04:
  - libgdk-pixbuf2.0-0 2.31.3-1ubuntu0.1
- Ubuntu 14.04 LTS:
  - libgdk-pixbuf2.0-0 2.30.7-0ubuntu1.1
- Ubuntu 12.04 LTS:
  - libgdk-pixbuf2.0-0 2.26.1-1ubuntu1.2
To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.
After a standard system update you need to restart your session to make
all the necessary changes.
Apple iOS Ins0mnia Flaw Revealed By FireEye
Zero-Day, Angler Kit Exploits Help Drive Up Malvertising By 325%
FreeBSD Security Advisory – IRET Handler Privilege Escalation
FreeBSD Security Advisory – If the kernel-mode IRET instruction generates an #SS or #NP exception, but the exception handler does not properly ensure that the right GS register base for kernel is reloaded, the userland GS segment may be used in the context of the kernel exception handler. By causing an IRET with #SS or #NP exceptions, a local attacker can cause the kernel to use an arbitrary GS base, which may allow escalated privileges or panic the system.
FreeBSD Security Advisory – OpenSSH Issues
FreeBSD Security Advisory – A programming error in the privileged monitor process of the sshd(8) service may allow the username of an already-authenticated user to be overwritten by the unprivileged child process. A use-after-free error in the privileged monitor process of the sshd(8) service may be deterministically triggered by the actions of a compromised unprivileged child process. A use-after-free error in the session multiplexing code in the sshd(8) service may result in unintended termination of the connection.
nullcon se7en Call For Papers
nullcon is an annual security conference held in Goa, India. The focus of the conference is to showcase the next generation of offensive and defensive security technology. It will take place March 4th through the 5th, 2016.