CVE-2016-3118

CRLF injection vulnerability in CA API Gateway (formerly Layer7 API Gateway) 7.1 before 7.1.04, 8.0 through 8.3 before 8.3.01, and 8.4 before 8.4.01 allows remote attackers to have an unspecified impact via unknown vectors.

CVE-2016-3125

The mod_tls module in ProFTPD before 1.3.5b and 1.3.6 before 1.3.6rc2 does not properly handle the TLSDHParamFile directive, which might cause a weaker than intended Diffie-Hellman (DH) key to be used and consequently allow attackers to have unspecified impact via unknown vectors.

Re: [SE-2012-01] Broken security fix in IBM Java 7/8

Posted by Security Explorations on Apr 05

Hello All,

I should have included the following information in my original post:
1) Issue 67 was assigned CVE-2013-3009 [1],
2) it originally affected IBM Java from versions 1.4 to 7 [2],
3) CVE-ID corresponding to a broken patch will likely not reflect the
original issue. This was the case for IBM’s Issue 49 (CVE-2012-4823)
and two of its broken fixes (CVE-2013-3012 and CVE-2013-5458).
4) Incomplete patch for Issue 67 may affect…

CESA-2016:0594 Important CentOS 7 graphite2 Security Update

CentOS Errata and Security Advisory 2016:0594 Important

Upstream details at : https://rhn.redhat.com/errata/RHSA-2016-0594.html

The following updated files have been uploaded and are currently 
syncing to the mirrors: ( sha256sum Filename ) 

x86_64:
5833acac7b610ae47aaff9fff6976044184dcef52f724a1f94142e69e2215116  graphite2-1.3.6-1.el7_2.i686.rpm
f14d09c338249719f5f75305ee0dc6c32829ad3e45c7bc62b9fa530d37bcd35f  graphite2-1.3.6-1.el7_2.x86_64.rpm
2ba25e1c7cf6d499d2826dce52b463b1b41b653087a2b02b0a22f0a2ad8e8968  graphite2-devel-1.3.6-1.el7_2.i686.rpm
1ee921c206f47b305e00b9ead905655decd0c93334962dd6ed74112dc4be6db9  graphite2-devel-1.3.6-1.el7_2.x86_64.rpm

Source:
24e94805fcb7de71ccd8fd1ecaf44cf56602da1a030a14c4d7862c3bcd87bbea  graphite2-1.3.6-1.el7_2.src.rpm



Revolutionize Your Business with AVG Managed Workplace

This year, we’ve put a laser focus on simplifying managed services to see how we can help our AVG partners fulfill their service contracts in an efficient and profitable way.

Seeing is believing. And that’s why we let our early adopter partners be the judge of our newest release, Managed Workplace 10. They were impressed; we hope you will agree.

It’s time to step away from your 30+ checklist of onboarding items – we’re about to tell you how you can align your SLAs with your service delivery models and get your onboarding process down to a few simple clicks.

AVG Business has just launched Managed Workplace 10. This is our new, simplified service delivery platform that allows MSPs to standardize the configuration and onboarding of multiple customer sites.  We’ve designed the platform to align with the way MSPs do business. You can now standardize service delivery, quickly configure and onboard clients, reduce manual configuration, eliminate errors, drive efficiencies and more.

Managed Workplace 10 is a completely new platform that changes the way that an RMM helps drive profitability for your business.  Our partners will now have access to an RMM solution that gives them a centrally planned and automated way to cover those checkboxes and implement services, upgrades or changes, in a simple, applied way.

Here are a few highlights:

  • Fast, simplified deployment: With an onboarding process of only five clicks, you can get new customer sites up and running in under 30 minutes. You’ll also be able to deliver standardized service offerings right out of the box. Easily turn on or off services as required or create new services for client sites, without missed steps or manual processes.
  • Service delivery model: Easily choose the mix of services that match your clients’ needs, uptime and budget. We’ve taken the industry’s three familiar reactive, proactive and fixed fee service models, added our key Managed Workplace features, and integrated these directly into our services platform.
  • Action-based dashboard: Add new services in minutes, deliver enhanced service levels and increase sales through our new single pane of glass, action-based services dashboard.

 

Managed Workplace 10 is the latest proof point to our mission to simplify the experience of securing businesses and deliver security products that meet our partners’ needs.

Sign up today and join the Managed Workplace revolution!

CEEA-2016:0593 CentOS 7 libguestfs Enhancement Update

CentOS Errata and Enhancement Advisory 2016:0593 

Upstream details at : https://rhn.redhat.com/errata/RHEA-2016-0593.html

The following updated files have been uploaded and are currently 
syncing to the mirrors: ( sha256sum Filename ) 




CVE-2016-2000

HPE Asset Manager 9.40, 9.41, and 9.50 and Asset Manager CloudSystem Chargeback 9.40 allow remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections (ACC) library.