HP Security Bulletin HPSBHF03545 1 – Potential security vulnerabilities identified with Windows running the NVidia Graphics Driver have been addressed in certain HP EliteBook and Zbook Products. The vulnerabilities could be locally exploited resulting in execution of code, Denial of Service (DoS), elevation of privilege, or other impacts. Note: In addition to the CVE vulnerabilities referenced below, this update also addresses the “MS_Detours_Security_Update_For_Nvidia_Driver” vulnerability where the Nvidia driver has an unpatched Microsoft Detours library that limits the effectiveness of OS Security features such as ASLR, DEP and SafeSEH. Depending on the security context of the target system, malicious code attacks can result in loss of information, denial of service, or full system compromise. Revision 1 of this advisory.
Monthly Archives: March 2016
Beheshti University Of Iran Insecure Transit
Beheshti University of Iran has an endpoint that fails to use TLS when taking in credentials.
France could Fine Apple $1 Million for each iPhone it Refuses to Unlock
The United States is not the only country where Apple is battling the authorities over iPhone encryption. Apple could face a $1 million fine each time the company refuses to unlock an iPhone in France.
Despite its victory in a New York court yesterday, Apple may not be so successful elsewhere in its fight against federal authorities over iPhone encryption.
Yann Galut, a
IRS Issues Alert for Tax Phishing Scheme
Original release date: March 02, 2016
The Internal Revenue Service (IRS) has issued a news release addressing a new spear phishing scheme targeting payroll and human resource professionals. In this scheme, cybercriminals pose as company executives requesting personal information on employees.
US-CERT encourages users and administrators to review the IRS news release for details and refer to US-CERT Security Tip ST15-001 for information on tax-themed phishing attacks.
This product is provided subject to this Notification and this Privacy & Use policy.
Red Hat Security Advisory 2016-0306-01
Red Hat Security Advisory 2016-0306-01 – OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. A padding oracle flaw was found in the Secure Sockets Layer version 2.0 protocol. An attacker can potentially use this flaw to decrypt RSA-encrypted cipher text from a connection using a newer SSL/TLS protocol version, allowing them to decrypt such connections. This cross-protocol attack is publicly referred to as DROWN.
CESA-2016:0346 Important CentOS 7 postgresql Security Update
CentOS Errata and Security Advisory 2016:0346 Important. Upstream details at: https://rhn.redhat.com/errata/RHSA-2016-0346.html The following updated files have been uploaded and are currently syncing to the mirrors.
Cisco Releases Security Updates
Original release date: March 02, 2016
Cisco has released security updates to address vulnerabilities in multiple products. Exploitation of one of these vulnerabilities could allow a remote attacker to take control of an affected device.
Users and administrators are encouraged to review the following Cisco Security Advisories and apply the necessary updates:
- Cisco Nexus 3000 Series and 3500 Platform Switches Insecure Default Credentials Vulnerability
- Cisco NX-OS Software TCP Denial-of-Service Vulnerability
- Cisco Web Security Appliance Denial-of-Service Vulnerability
- Cisco NX-OS Software SNMP Denial-of-Service Vulnerability
Turing Award — Inventors of Modern Cryptography Win $1 Million Cash Prize
And the Winners of this year’s Turing Award are: Whitfield Diffie and Martin E. Hellman.
The former chief security officer at Sun Microsystems Whitfield Diffie and the professor at Stanford University Martin E. Hellman won the 2015 ACM Turing Award, which is frequently described as the “Nobel Prize of Computing”.
Turing Award named after Alan M. Turing, the British mathematician and computer
CESA-2016:0347 Important CentOS 6 postgresql Security Update
CentOS Errata and Security Advisory 2016:0347 Important. Upstream details at: https://rhn.redhat.com/errata/RHSA-2016-0347.html The following updated files have been uploaded and are currently syncing to the mirrors.
