SQL Injection in WeBid
Monthly Archives: February 2016
Bugtraq: [SECURITY] [DSA 3482-1] libreoffice security update
[SECURITY] [DSA 3482-1] libreoffice security update
Bugtraq: [security bulletin] HPSBUX03437 SSRT110025 rev.1 – HP-UX IPFilter, Remote Denial of Service (DoS)
[security bulletin] HPSBUX03437 SSRT110025 rev.1 – HP-UX IPFilter, Remote Denial of Service (DoS)
Bugtraq: CVE-2015-7521: Apache Hive authorization bug disclosure (update)
CVE-2015-7521: Apache Hive authorization bug disclosure (update)
Apple and ‘exceptional access’ to crypto protection
Apple is the latest in a host of technology players to be requested to allow exceptional access, that is, access in exceptional cases where it would be deemed to have high value relative to an active investigation.
The post Apple and ‘exceptional access’ to crypto protection appeared first on We Live Security.
RHSA-2016:0258-1: Important: thunderbird security update
Red Hat Enterprise Linux: An updated thunderbird package that fixes multiple security issues is now
available for Red Hat Enterprise Linux 5, 6, and 7.
Red Hat Product Security has rated this update as having Important security
impact. Common Vulnerability Scoring System (CVSS) base scores, which give
detailed severity ratings, are available for each vulnerability from the
CVE links in the References section.
CVE-2016-1521, CVE-2016-1522, CVE-2016-1523, CVE-2016-1930, CVE-2016-1935
RHBA-2016:0272-1: Red Hat Enterprise Linux 7.2.2 Container Image Update
An updated Red Hat Enterprise Linux 7.2.2 container image is now available.
RHBA-2016:0268-1: ptlib bug fix update
Red Hat Enterprise Linux: Updated ptlib packages that fix one bug are now available for Red Hat Enterprise
Linux 7.
RHBA-2016:0267-1: python-oslo-messaging bug fix advisory
Red Hat Enterprise Linux: Updated packages that resolve various issues are now available for Red Hat
Enterprise Linux OpenStack Platform 6.0 (Juno) for RHEL 7.
USN-2895-1: Oxide vulnerabilities
Ubuntu Security Notice USN-2895-1
18th February, 2016
oxide-qt vulnerabilities
A security issue affects these releases of Ubuntu and its
derivatives:
- Ubuntu 15.10
- Ubuntu 14.04 LTS
Summary
Several security issues were fixed in Oxide.
Software description
- oxide-qt
– Web browser engine library for Qt (QML plugin)
Details
The DOM implementation in Chromium did not properly restrict frame-attach
operations from occurring during or after frame-detach operations. If a
user were tricked in to opening a specially crafted website, an attacker
could potentially exploit this to bypass same-origin restrictions.
(CVE-2016-1623)
An integer underflow was discovered in Brotli. If a user were tricked in
to opening a specially crafted website, an attacker could potentially
exploit this to cause a denial of service via application crash, or
execute arbitrary code with the privileges of the user invoking the
program. (CVE-2016-1624)
Update instructions
The problem can be corrected by updating your system to the following
package version:
- Ubuntu 15.10:
-
liboxideqtcore0
1.12.6-0ubuntu0.15.10.1
- Ubuntu 14.04 LTS:
-
liboxideqtcore0
1.12.6-0ubuntu0.14.04.1
To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.
In general, a standard system update will make all the necessary changes.