Cybersecurity experts are joining forces with government officials to try and “end the war between privacy and security”, it has been revealed.
The post Privacy and security ‘war’ must come to an end appeared first on We Live Security.
Monthly Archives: February 2016
Just One Device? No, Government wants Apple to Unlock 12 More iPhones
Until now, the FBI is asking for Apple’s help in unlocking the iPhone belonging to one of the terrorists in the San Bernardino shootings that killed 14 and injured 24 in December.
However, in addition to iPhone 5C belonged to San Bernardino shooter Syed Farook, the U.S. Justice Department is looking at court orders forcing Apple to help officials unlock at least 12 iPhones.
<!– adsense
Bugtraq: [SECURITY] [DSA 3489-1] lighttpd security update
[SECURITY] [DSA 3489-1] lighttpd security update
Bugtraq: [slackware-security] bind (SSA:2016-054-01)
[slackware-security] bind (SSA:2016-054-01)
Bugtraq: Ubiquiti Networks UniFi v3.2.10 Generic CSRF Protection Bypass
Ubiquiti Networks UniFi v3.2.10 Generic CSRF Protection Bypass
Bugtraq: Executable installers are vulnerable^WEVIL (case 4): InstallShield's wrapper and setup.exe
Executable installers are vulnerable^WEVIL (case 4): InstallShield’s wrapper and setup.exe
RHEA-2016:0292-1: Red Hat Enterprise MRG Realtime 2.5 enhancement update
Red Hat Enterprise Linux: Updated Red Hat Enterprise MRG Realtime packages that add one enhancement are
now available for Red Hat Enterprise MRG 2.5.
RHBA-2016:0294-1: rhel-guest-image update
Red Hat Enterprise Linux: An updated rhel-guest-image package that includes glibc packages that are
not vulnerable to CVE-2015-7547,
USN-2905-1: Oxide vulnerability
Ubuntu Security Notice USN-2905-1
23rd February, 2016
oxide-qt vulnerability
A security issue affects these releases of Ubuntu and its
derivatives:
- Ubuntu 15.10
- Ubuntu 14.04 LTS
Summary
Oxide could be made to bypass same-origin restrictions.
Software description
- oxide-qt
– Web browser engine library for Qt (QML plugin)
Details
A security issue was discovered in Chromium. If a user were tricked in to
opening a specially crafted website, an attacker could potentially exploit
this to bypass same-origin restrictions or a sandbox protection mechanism.
(CVE-2016-1629)
Update instructions
The problem can be corrected by updating your system to the following
package version:
- Ubuntu 15.10:
-
liboxideqtcore0
1.12.7-0ubuntu0.15.10.1
- Ubuntu 14.04 LTS:
-
liboxideqtcore0
1.12.7-0ubuntu0.14.04.1
To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.
In general, a standard system update will make all the necessary changes.
References
USN-2912-1: libssh vulnerabilities
Ubuntu Security Notice USN-2912-1
23rd February, 2016
libssh vulnerabilities
A security issue affects these releases of Ubuntu and its
derivatives:
- Ubuntu 15.10
- Ubuntu 14.04 LTS
- Ubuntu 12.04 LTS
Summary
Several security issues were fixed in libssh.
Software description
- libssh
– A tiny C SSH library
Details
Mariusz Ziulek discovered that libssh incorrectly handled certain packets.
A remote attacker could possibly use this issue to cause libssh to crash,
resulting in a denial of service.
(CVE-2015-3146)
Aris Adamantiadis discovered that libssh incorrectly generated ephemeral
secret keys of 128 bits instead of the recommended 1024 or 2048 bits when
using the diffie-hellman-group1 and diffie-hellman-group14 methods. If a
remote attacker were able to perform a man-in-the-middle attack, this flaw
could be exploited to view sensitive information. (CVE-2016-0739)
Update instructions
The problem can be corrected by updating your system to the following
package version:
- Ubuntu 15.10:
-
libssh-4
0.6.3-3ubuntu3.2
- Ubuntu 14.04 LTS:
-
libssh-4
0.6.1-0ubuntu3.3
- Ubuntu 12.04 LTS:
-
libssh-4
0.5.2-1ubuntu0.12.04.6
To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.
In general, a standard system update will make all the necessary changes.