[slackware-security] mailx (SSA:2016-062-01)
Monthly Archives: March 2016
Bugtraq: [slackware-security] openssl (SSA:2016-062-02)
[slackware-security] openssl (SSA:2016-062-02)
Bugtraq: [slackware-security] php (SSA:2016-062-03)
[slackware-security] php (SSA:2016-062-03)
Bugtraq: WordPress Bulk Delete Plugin [Privilege Escalation]
WordPress Bulk Delete Plugin [Privilege Escalation]
Hack the Pentagon — US Government Challenges Hackers to Break its Security
The United States Department of Defense (DoD) has the plan to boost their internal and network security by announcing what it calls “the first cyber Bug Bounty Program in the history of the federal government,” officially inviting hackers to take up the challenge.
Dubbed “Hack the Pentagon,” the bug bounty program invites the hackers and security researchers only from the United States to
RHSA-2016:0346-1: Important: postgresql security update
Red Hat Enterprise Linux: Updated postgresql packages that fix one security issue are now available
for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having Important security
impact. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available from the CVE link in the
References section.
CVE-2016-0773
RHEA-2016:0344-1: bash Shift_JIS enhancement update
Red Hat Enterprise Linux: Updated bash Shift_JIS packages that add one enhancement are now available for
Red Hat Enterprise Linux 6.
RHBA-2016:0345-1: kernel bug fix update
Red Hat Enterprise Linux: Updated kernel packages that fix several bugs are now available for Red Hat
Enterprise Linux 6.6 Extended Update Support.
Online Essentials: new exciting features
If Leonardo DiCaprio won the Oscar, why can’t you be awarded at last for the smartest choice regarding your devices’ security? Try the new features of Avira Online Essentials and you’ll be able to ensure security for your PC and smartphone much more easily.
The post Online Essentials: new exciting features appeared first on Avira Blog.
USN-2916-1: Perl vulnerabilities
Ubuntu Security Notice USN-2916-1
2nd March, 2016
perl vulnerabilities
A security issue affects these releases of Ubuntu and its
derivatives:
- Ubuntu 15.10
- Ubuntu 14.04 LTS
- Ubuntu 12.04 LTS
Summary
Several security issues were fixed in Perl.
Software description
- perl
– Practical Extraction and Report Language
Details
It was discovered that Perl incorrectly handled certain regular expressions
with an invalid backreference. An attacker could use this issue to cause
Perl to crash, resulting in a denial of service, or possibly execute
arbitrary code. (CVE-2013-7422)
Markus Vervier discovered that Perl incorrectly handled nesting in the
Data::Dumper module. An attacker could use this issue to cause Perl to
consume memory and crash, resulting in a denial of service. (CVE-2014-4330)
Stephane Chazelas discovered that Perl incorrectly handled duplicate
environment variables. An attacker could possibly use this issue to bypass
the taint protection mechanism. (CVE-2016-2381)
Update instructions
The problem can be corrected by updating your system to the following
package version:
- Ubuntu 15.10:
-
perl
5.20.2-6ubuntu0.2
- Ubuntu 14.04 LTS:
-
perl
5.18.2-2ubuntu1.1
- Ubuntu 12.04 LTS:
-
perl
5.14.2-6ubuntu2.5
To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.
In general, a standard system update will make all the necessary changes.