Google has patched Android against a critical Linux kernel vulnerability, and said the number of affected Android devices has been exaggerated.
Monthly Archives: January 2016
xwpe 1.5.30a-2.1 Buffer Overflow
xwpe versions 1.5.30a-2.1 and below are prone to a stack-based buffer overflow vulnerability because the application fails to perform adequate boundary checks on user-supplied input.
WiX Toolset DLL Hijacking
WiX Toolset installers suffer from a DLL hijacking vulnerability.
CESA-2016:0054 Important CentOS 5 java-1.7.0-openjdk Security Update
CentOS Errata and Security Advisory 2016:0054 Important Upstream details at: https://rhn.redhat.com/errata/RHSA-2016-0054.html The following updated files have been uploaded and are currently syncing to the mirrors:
Announcing release for Gluster 3.6 and 3.7 on CentOS Linux 6 x86_64
I am happy to announce the General Availability of Gluster 3.6 and 3.7 for CentOS 6 on x86_64. These packages are following the upstream Gluster Community releases, with one minor update for each version per month.
Users of CentOS 6 can now simply install Gluster with only these two commands:
# yum install centos-release-gluster
# yum install glusterfs-server
The centos-release-gluster content comes from the centos-release-gluster37 package delivered via CentOS Extras repos. This contains all the metadata and dependency information needed to install Gluster 3.7. For people looking at running Gluster 3.6, there is the centos-release-gluster36 package. In order to get this version, substitute the step-1 mentioned above with:
# yum install centos-release-gluster36
We have a quickstart guide specifically built around the packages that are available now; it makes for a good introduction to Gluster and will help get you started in just a few simple steps. This quick start is available at https://wiki.centos.org/SpecialInterestGroup/Storage/gluster-Quickstart
More details about the packages that the Gluster project provides in the Storage SIG are available in the documentation: https://wiki.centos.org/SpecialInterestGroup/Storage/Gluster
The centos-release-gluster* repositories offer additional packages that enhance the usability of Gluster itself. Users can request additional tools and applications to be provided, just send us an email with your suggestions. The current list of packages that is (planned to become) available can be found here: https://wiki.centos.org/SpecialInterestGroup/Storage/Gluster/Ecosystem-pkgs
Gluster is the first project that provides packages through the Storage SIG. Other projects are in the process to do so too. General information about the SIG can be read in the wiki: https://wiki.centos.org/SpecialInterestGroup/Storage
We welcome all feedback, comments and contributions. You can get in touch with the CentOS Storage SIG on the centos-devel mailing list ( https://lists.centos.org ) and with the Gluster developer and user communities at https://www.gluster.org/mailman/listinfo . We are also available on IRC at #gluster on irc.freenode.net, and on Twitter at @gluster.
Cheers, Niels de Vos, Storage SIG member & Gluster maintainer
CVE-2015-8472
Buffer overflow in the png_set_PLTE function in libpng before 1.0.65, 1.1.x and 1.2.x before 1.2.55, 1.3.x, 1.4.x before 1.4.18, 1.5.x before 1.5.25, and 1.6.x before 1.6.20 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a small bit-depth value in an IHDR (aka image header) chunk in a PNG image. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-8126.
Quick CMS 6.1 Cross Site Request Forgery / Cross Site Scripting
Quick CMS version 6.1 suffers from cross site request forgery and cross site scripting vulnerabilities.
HD Moore To Build New Venture Capital Firm
Metasploit creator HD Moore announced he’s leaving Rapid7 at the end of the month for a new venture capital opportunity.
You Wouldn't Believe that Too Many People Still Use Terrible Passwords
Some things online never change, like terrible passwords chosen by humans.
When it comes to protecting your Internet security, taking measures such as installing a good anti-virus or running Linux on your system doesn't mean that your work is done and that you are safe enough from online threats.
However, even after countless warnings, most people are
Beware fraudulent Steam extensions
Do you belong to the ever-growing group of Steam users that loves to trade and gamble on Valve's platform – and therefore have a huge inventory?
The post Beware fraudulent Steam extensions appeared first on Avira Blog.
