HP Security Bulletin HPSBGN03567 1 – A security vulnerability in Apache Commons Collections (ACC) for handling Java object deserialization was addressed by HP Asset Manager. The vulnerability could be exploited remotely to allow remote code execution. Revision 1 of this advisory.
Monthly Archives: April 2016
HP Security Bulletin HPSBUX03561 1
HP Security Bulletin HPSBUX03561 1 – Potential security vulnerabilities have been identified in the HP-UX Tomcat-based Servlet Engine. These vulnerabilities could be exploited remotely to create Denial of Service (DoS), access restriction bypass, unauthorized read access to files, arbitrary code execution, and execution of arbitrary code with privilege elevation. Revision 1 of this advisory.
HP Security Bulletin HPSBHF03431 3
HP Security Bulletin HPSBHF03431 3 – Potential security vulnerabilities have been identified with HPE Network Switches. The vulnerabilities could be exploited locally to allow bypass of security restrictions, and indirect vulnerabilities. Note: Versions 15.16.xxxx and 15.17.xxxx were incorrectly identified as vulnerable, the only affected versions are KB.15.18.0006 & KB.15.18.0007. Revision 3 of this advisory.
Slackware Security Advisory – php Updates
Slackware Security Advisory – New php packages are available for Slackware 14.0, 14.1, and -current to fix security issues.
Red Hat Security Advisory 2016-0534-01
Red Hat Security Advisory 2016-0534-01 – MariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL. The following packages have been upgraded to a newer upstream version: MariaDB.
Red Hat Security Advisory 2016-0566-01
Red Hat Security Advisory 2016-0566-01 – libssh is a library which implements the SSH protocol. It can be used to implement client and server applications. Security Fix: A type confusion issue was found in the way libssh generated ephemeral secrets for the diffie-hellman-group1 and diffie-hellman-group14 key exchange methods. This would cause an SSHv2 Diffie-Hellman handshake to use significantly less secure random parameters.
Gentoo Linux Security Advisory 201604-02
Gentoo Linux Security Advisory 201604-02 – Insufficient constraints in Apache’s Xalan-Java might allow remote attackers to execute arbitrary code and load arbitrary classes. Versions less than 2.7.2 are affected.
HP Security Bulletin HPSBGN3547 1
HP Security Bulletin HPSBGN3547 1 – Directory traversal vulnerability in the TFTP Server 1.0.0.24 in Ipswitch WhatsUp Gold allows remote attackers to read arbitrary files via a .. (dot dot) in the Filename field of an RRQ operation. Revision 1 of this advisory.
Infamous Hacker 'Guccifer' appears in US Court after Extradition
Marcel Lazar Lehel aka “Guccifer” – an infamous Romanian hacker who hacked into the emails and social networking accounts of numerous high-profile US and Romanian politicians – appeared in a United States court for the first time after extradition.
Following Romania’s top court approval last month, Guccifer was extradited to the United States recently from Romania, his home country,
Infra – CentOS forums migration
Just to inform you that we'll move some services to a new node, so there will be a small impact for the following services:

- https://www.centos.org (no real downtime, as it will just be redirected automatically)
- https://www.centos.org/forums (see below)

During that migration we'll also consolidate IPv6 and IPv4 connectivity, and we'll also be able to implement a higher protocol version than TLS 1.0 (because we are/were still using a CentOS 5 based node in the previous setup).

Migration is scheduled for "Wednesday April 6th, 7:00 am UTC time". You can convert to local time with $(date -d '2016-04-06 7:00 UTC').

The expected "downtime" is estimated at ~30 minutes, the time needed to update/propagate the updated DNS A/AAAA record[s] plus the last mysql dump/restore on the new node.

Thanks for your understanding and patience.

on behalf of the Infra team,