Monthly Archives: November 2015
Apple IDs Targeted In Global Phishing Scam
Weeks Before NSA Bulk Phone Spying Ends, US Judge (Kinda) Reins In Program
HTTPS Certs With Forbidden Domains Issued By Quite A Few CAs
DSA-3396 linux – security update
Several vulnerabilities have been discovered in the Linux kernel that
may lead to a denial of service.
DSA-3397 wpa – security update
Several vulnerabilities have been discovered in wpa_supplicant and
hostapd. The Common Vulnerabilities and Exposures project identifies the
following problems:
Symantec Releases Security Update
Original release date: November 09, 2015
Symantec has released an update to address vulnerabilities in Symantec Endpoint Protection version 12.1. Exploitation of one of these vulnerabilities may allow a remote attacker to take control of an affected system.
US-CERT encourages users and administrators to review the Security Advisory from Symantec and apply the necessary update.
Comodo Issues Eight Forbidden Certificates
Certificate authority Comodo admits it incorrectly issued eight certificates that include forbidden internal server names or reserved IP addresses.
CVE-2015-8001
The chunked upload API (ApiUpload) in MediaWiki before 1.23.11, 1.24.x before 1.24.4, and 1.25.x before 1.25.3 does not restrict the uploaded data to the claimed file size, which allows remote authenticated users to cause a denial of service via a chunk that exceeds the file size.
CVE-2015-8002
The chunked upload API (ApiUpload) in MediaWiki before 1.23.11, 1.24.x before 1.24.4, and 1.25.x before 1.25.3 allows remote authenticated users to cause a denial of service (disk consumption) via a file upload using one byte chunks.