buffer.c in named in ISC BIND 9.x before 9.9.7-P3 and 9.10.x before 9.10.2-P4 allows remote attackers to cause a denial of service (assertion failure and daemon exit) by creating a zone containing a malformed DNSSEC key and issuing a query for a name in that zone.
Monthly Archives: September 2015
CVE-2015-5986
openpgpkey_61.c in named in ISC BIND 9.9.7 before 9.9.7-P3 and 9.10.x before 9.10.2-P4 allows remote attackers to cause a denial of service (REQUIRE assertion failure and daemon exit) via a crafted DNS response.
CVE-2015-6276
Cisco TelePresence IX5000 8.0.3 stores a private key associated with an X.509 certificate under the web root with insufficient access control, which allows remote attackers to obtain cleartext versions of HTTPS traffic or spoof devices via a direct request to the certificate directory, aka Bug ID CSCuu63501.
DSA-3353 openslp-dfsg – security update
Qinghao Tang of QIHU 360 discovered a double free flaw in OpenSLP, an
implementation of the IETF Service Location Protocol. This could allow
remote attackers to cause a denial of service (crash).
APPLE-SA-2015-09-03-1 OS X: Flash Player plug-in blocked
From: Apple Product Security
Due to security issues in older versions, Apple has updated the web plug-in blocking mechanism to disable all versions prior to Flash Player 18.0.0.232. Information on blocked web plug-ins will be posted to: https://support.apple. [...]
Bugtraq: Oracle Hyperion password disclosure…
Bugtraq: Defense in depth — the Microsoft way (part 32): yet another (trivial) UAC bypass resp. privilege escalation
Bugtraq: Avira Mobile Security iOS Application – Cleartext Credentials Vulnerability
Bugtraq: Webroot SecureAnywhere Mobile Protection – MITM SSL Certificate Vulnerability
RHSA-2015:1623-2: Important: kernel security and bug fix update
Red Hat Enterprise Linux: Updated kernel packages that fix two security issues and several bugs are
now available for Red Hat Enterprise Linux 6.
Red Hat Product Security has rated this update as having Important security
impact. Common Vulnerability Scoring System (CVSS) base scores, which give
detailed severity ratings, are available for each vulnerability from the
CVE links in the References section.
[Updated 3 September 2015]
This advisory has been updated to push packages into the Red Hat Enterprise
Linux 6 Client channels. The packages included in this revised update have
not been changed in any way from the packages included in the original
advisory.
CVE-2015-5364, CVE-2015-5366