RHSA-2016:0296-1: Important: rh-ror41 security update

Red Hat Enterprise Linux: Updated rh-ror41-rubygem-actionpack, rh-ror41-rubygem-actionview,
rh-ror41-rubygem-activemodel, and rh-ror41-rubygem-activerecord packages
that fix multiple security issues are now available for Red Hat Software
Collections.

Red Hat Product Security has rated this update as having Important security
impact. Common Vulnerability Scoring System (CVSS) base scores, which give
detailed severity ratings, are available for each vulnerability from the
CVE links in the References section.

CVE-2015-7576, CVE-2015-7577, CVE-2015-7581, CVE-2016-0751, CVE-2016-0752, CVE-2016-0753

USN-2913-1: ca-certificates update

Ubuntu Security Notice USN-2913-1

24th February, 2016

ca-certificates update

A security issue affects these releases of Ubuntu and its
derivatives:

  • Ubuntu 15.10
  • Ubuntu 14.04 LTS
  • Ubuntu 12.04 LTS

Summary

ca-certificates was updated to the 20160104 package.

Software description

  • ca-certificates
    – Common CA certificates

Details

The ca-certificates package contained outdated CA certificates. This update
refreshes the included certificates to those contained in the 20160104
package, including the removal of the SPI CA and CA certificates with
1024-bit RSA keys.

Update instructions

The problem can be corrected by updating your system to the following
package version:

Ubuntu 15.10:
  ca-certificates 20160104ubuntu0.15.10.1
Ubuntu 14.04 LTS:
  ca-certificates 20160104ubuntu0.14.04.1
Ubuntu 12.04 LTS:
  ca-certificates 20160104ubuntu0.12.04.1

To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.

References

LP: 1528645

USN-2913-4: GnuTLS update

Ubuntu Security Notice USN-2913-4

24th February, 2016

gnutls26 update

A security issue affects these releases of Ubuntu and its
derivatives:

  • Ubuntu 14.04 LTS
  • Ubuntu 12.04 LTS

Summary

Updated GnuTLS packages are required for the USN-2913-1 update.

Software description

  • gnutls26
    – GNU TLS library

Details

USN-2913-1 removed 1024-bit RSA CA certificates from the ca-certificates
package. This update adds support for alternate certificate chains to the
GnuTLS package to properly handle the removal.

Original advisory details:

The ca-certificates package contained outdated CA certificates. This update
refreshes the included certificates to those contained in the 20160104
package, including the removal of the SPI CA and CA certificates with
1024-bit RSA keys.

Update instructions

The problem can be corrected by updating your system to the following
package version:

Ubuntu 14.04 LTS:
  libgnutls26 2.12.23-12ubuntu2.5
Ubuntu 12.04 LTS:
  libgnutls26 2.12.14-5ubuntu3.12

To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to reboot your computer to make
all the necessary changes.

References

LP: 1528645

USN-2913-2: glib-networking update

Ubuntu Security Notice USN-2913-2

24th February, 2016

glib-networking update

A security issue affects these releases of Ubuntu and its
derivatives:

  • Ubuntu 15.10
  • Ubuntu 14.04 LTS
  • Ubuntu 12.04 LTS

Summary

Updated glib-networking packages are required for the USN-2913-1 update.

Software description

  • glib-networking
    – network-related giomodules for GLib

Details

USN-2913-1 removed 1024-bit RSA CA certificates from the ca-certificates
package. This update adds support for alternate certificate chains to the
glib-networking package to properly handle the removal.

Original advisory details:

The ca-certificates package contained outdated CA certificates. This update
refreshes the included certificates to those contained in the 20160104
package, including the removal of the SPI CA and CA certificates with
1024-bit RSA keys.

Update instructions

The problem can be corrected by updating your system to the following
package version:

Ubuntu 15.10:
  glib-networking 2.46.0-1ubuntu0.1
Ubuntu 14.04 LTS:
  glib-networking 2.40.0-1ubuntu0.1
Ubuntu 12.04 LTS:
  glib-networking 2.32.1-1ubuntu2.1

To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.

References

LP: 1528645

USN-2913-3: OpenSSL update

Ubuntu Security Notice USN-2913-3

24th February, 2016

openssl update

A security issue affects these releases of Ubuntu and its
derivatives:

  • Ubuntu 14.04 LTS
  • Ubuntu 12.04 LTS

Summary

Updated OpenSSL packages are required for the USN-2913-1 update.

Software description

  • openssl
    – Secure Socket Layer (SSL) cryptographic library and tools

Details

USN-2913-1 removed 1024-bit RSA CA certificates from the ca-certificates
package. This update adds support for alternate certificate chains to the
OpenSSL package to properly handle the removal.

Original advisory details:

The ca-certificates package contained outdated CA certificates. This update
refreshes the included certificates to those contained in the 20160104
package, including the removal of the SPI CA and CA certificates with
1024-bit RSA keys.

Update instructions

The problem can be corrected by updating your system to the following
package version:

Ubuntu 14.04 LTS:
  libssl1.0.0 1.0.1f-1ubuntu2.17
Ubuntu 12.04 LTS:
  libssl1.0.0 1.0.1-4ubuntu5.34

To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to reboot your computer to make
all the necessary changes.

References

LP: 1528645

Judge Confirms Government Paid CMU Scientists to Hack Tor Users for FBI

Everything is now crystal clear:

Security researchers from Carnegie Mellon University (CMU) were hired by federal officials to discover a technique that could help the FBI unmask Tor users and reveal their IP addresses as part of a criminal investigation.

Yes, a federal judge in Washington has recently confirmed that the computer scientists at CMU’s Software Engineering

Asus Faces 20 years of Audits Over Poor Wi-Fi Router Security

Asus is currently going through a troublesome situation after a lawsuit was filed by the US Federal Trade Commission (FTC) regarding its router insecurity.

On Tuesday, the FTC settled charges with Asus, under which the hardware manufacturing company agrees to:

Undergo independent security audits once every 2 years for the next 2 decades.

This action had been taken as the result of

Drupal Releases Security Updates

Original release date: February 24, 2016

Drupal has released updates to address multiple vulnerabilities. Exploitation of some of these vulnerabilities may allow a remote attacker to take control of an affected website.

Available updates include:

  • Drupal core 6.38 for 6.x users
  • Drupal core 7.43 for 7.x users
  • Drupal core 8.0.4 for 8.0.x users

Users and administrators are encouraged to review Drupal’s Security Advisory and apply the necessary updates.

