Heap-based buffer overflow in the gdk_pixbuf_flip function in gdk-pixbuf-scale.c in gdk-pixbuf 2.30.x allows remote attackers to cause a denial of service or possibly execute arbitrary code via a crafted BMP file.
Monthly Archives: April 2016
CVE-2015-8106
Format string vulnerability in the CmdKeywords function in funct1.c in latex2rtf before 2.3.10 allows remote attackers to execute arbitrary code via format string specifiers in the keywords command in a crafted TeX file.
CVE-2016-3071
Libreswan 3.16 might allow remote attackers to cause a denial of service (daemon restart) via an IKEv2 aes_xcbc transform.
CVE-2016-3950
Huawei AR3200 routers with software before V200R006C10SPC300 allow remote authenticated users to cause a denial of service (restart) via crafted packets.
CVE-2016-4036
openSUSE and SUSE Linux Enterprise Server 11 SP 1 use weak permissions for /etc/quagga, which allows local users to obtain sensitive information by reading files in the directory.
[Infra] : DevCloud maintenance window notification
Due to recent changes in the racks hosting the DevCloud nodes (https://wiki.centos.org/DevCloud), we'll have to reorganize the physical placement of those nodes. That means that we'll have to shut down/power off the whole DevCloud infra, migrate the nodes to another rack, and slowly restart all the services running on those nodes.

Important notice: if you are a CentOS contributor/developer having some Virtual Machines in DevCloud, ensure that everything is correctly set up on your side, as we'll only (from a hypervisor PoV) issue acpi shutdown to the VMs.

Other impacted services:
- http://planet.centos.org
- http://seven.centos.org
- http://armv7.dev.centos.org (plague-server, so no armhfp build during that maintenance window)

Migration is scheduled for Tuesday April 26th, 2:30 pm UTC time. You can convert to local time with $(date -d '2016-04-26 14:30 UTC')

We'll slowly restart services when possible and we expect everything to be back online before 8:00 pm UTC.

Thanks for your understanding and patience.

on behalf of the Infra team,
When it comes to Antivirus programs – There can be only one
Ever think that a computer has better protection if it has two antivirus programs running at the same time? Well, you might want to rethink because in this case, one is better than two.
The post When it comes to Antivirus programs – There can be only one appeared first on Avira Blog.
Novell ServiceDesk Authenticated File Upload
This Metasploit module exploits an authenticated arbitrary file upload via directory traversal to execute code on the target. It has been tested on versions 6.5 and 7.1.0, in Windows and Linux installations of Novell ServiceDesk, as well as the Virtual Appliance provided by Novell.
Debian Security Advisory 3551-1
Debian Linux Security Advisory 3551-1 – It was discovered that fuseiso, a user-space implementation of the ISO 9660 file system based on FUSE, contains several vulnerabilities.
Debian Security Advisory 3552-1
Debian Linux Security Advisory 3552-1 – Multiple security vulnerabilities have been discovered in the Tomcat servlet and JSP engine, which may result in information disclosure, the bypass of CSRF protections and bypass of the SecurityManager.