CentOS Errata and Enhancement Advisory 2016:0463

Upstream details at: https://rhn.redhat.com/errata/RHEA-2016-0463.html

The following updated files have been uploaded and are currently syncing to the mirrors: ( sha256sum Filename )

x86_64:
b55aaa5f5f809c60a134bb428d2d14af44155f0a8ea12cb9201d6f69ec33c44b tzdata-2016b-1.el7.noarch.rpm
8717b9268d08bb26e2445937d475aeb605735143879403b210071f6ace89abec tzdata-java-2016b-1.el7.noarch.rpm

Source:
0cbb34392a2f51e4033c328d66d4956f372263105bd599471fcf2a7aea3e8983 tzdata-2016b-1.el7.src.rpm
Monthly Archives: March 2016
CEEA-2016:0463 CentOS 6 tzdata Enhancement Update
CentOS Errata and Enhancement Advisory 2016:0463

Upstream details at: https://rhn.redhat.com/errata/RHEA-2016-0463.html

The following updated files have been uploaded and are currently syncing to the mirrors: ( sha256sum Filename )

i386:
c2b3f2307a45c548af1a5ef01118154abf2b392b5f470cf48870725f61c792ff tzdata-2016b-1.el6.noarch.rpm
ec58f2853bfc0c420ebf6f281a697530eec99a740d39c98207be2b7ef1ab1285 tzdata-java-2016b-1.el6.noarch.rpm

x86_64:
c2b3f2307a45c548af1a5ef01118154abf2b392b5f470cf48870725f61c792ff tzdata-2016b-1.el6.noarch.rpm
ec58f2853bfc0c420ebf6f281a697530eec99a740d39c98207be2b7ef1ab1285 tzdata-java-2016b-1.el6.noarch.rpm

Source:
7067903f26b0cfa462bc91d06f8b32407003d6f263e619b82082a44130336bd3 tzdata-2016b-1.el6.src.rpm
CEEA-2016:0463 CentOS 5 tzdata Enhancement Update
CentOS Errata and Enhancement Advisory 2016:0463

Upstream details at: https://rhn.redhat.com/errata/RHEA-2016-0463.html

The following updated files have been uploaded and are currently syncing to the mirrors: ( sha256sum Filename )

i386:
7a28c670b58f7c12f06b5bfb5a93c24342ec7988c975bba138b9b5cbceae47c8 tzdata-2016b-1.el5.i386.rpm
7b47f4d24382b4a8854ecf04b1b81d82af84db0bf287794e1737d5e94c1ea111 tzdata-java-2016b-1.el5.i386.rpm

x86_64:
d1aebb60e6530b1939c55adf7cc7a11a516e6549fe8356e1270b68808622cc90 tzdata-2016b-1.el5.x86_64.rpm
223e2e0595104cffa3e399ece521da0931fc48b74926b124b81a5269a5974d5a tzdata-java-2016b-1.el5.x86_64.rpm

Source:
956d1f95c0e2df902c890f824f288e97fdc098f849dab043a939bf8bfdb992fb tzdata-2016b-1.el5.src.rpm
Bypassing NoScript Security Suite Using XSS And MITM Attacks
This paper discusses different techniques that an attacker can use to bypass NoScript Security Suite protection. These techniques can be used by malicious vectors to bypass the default installation of NoScript. The paper also provides solutions and recommendations for end-users that can enhance the current protection of NoScript Security Suite.
Grandstream Wave 1.0.1.26 Update Redirection
The Grandstream Wave application version 1.0.1.26 periodically queries the Grandstream server for app updates. If a new update is found, the app shows a notification to the user that either opens the app’s Google Play page or auto-downloads the APK file and opens it for installation. The update information is downloaded over an insecure connection from `media.ipvideotalk.com` and contains the version code and the update URL. An active attacker can redirect this request and trick the user into downloading a malicious update package.
Grandstream Wave 1.0.1.26 TLS Man-In-The-Middle
Grandstream VoIP products deploy a remote provisioning mechanism that allows configuration elements to be set automatically on app startup. By default, an insecure connection to `fm.grandstream.com` is used to obtain the provisioning profile. However, even if an HTTPS URL is configured, the certificate is not validated, allowing an active attacker to successfully impersonate the provisioning server with an invalid, mismatching or outdated certificate.
Debian Security Advisory 3519-1
Debian Linux Security Advisory 3519-1 – Multiple security issues have been found in the Xen virtualisation solution, which may result in denial of service or information disclosure.
Slackware Security Advisory – mozilla-firefox Updates
Slackware Security Advisory – New mozilla-firefox packages are available for Slackware 14.1 and -current to fix security issues.
Ubuntu Security Notice USN-2935-3
Ubuntu Security Notice 2935-3 – USN-2935-1 fixed vulnerabilities in PAM. The updates contained a packaging change that prevented upgrades in certain multiarch environments. USN-2935-2 intended to fix the problem but was incomplete for Ubuntu 12.04 LTS. This update fixes the problem in Ubuntu 12.04 LTS. Various other issues were also addressed.
BigTree 4.2.8 Object Injection / Improper Filename Sanitization
BigTree version 4.2.8 suffers from object injection and improper filename sanitization.