Zabbix Agent version 3.0.1 suffers from a remote shell command injection vulnerability via mysql.size.
Monthly Archives: May 2016
Ubuntu Security Notice USN-2959-1
Ubuntu Security Notice 2959-1 – Huzaifa Sidhpurwala, Hanno Boeck, and David Benjamin discovered that OpenSSL incorrectly handled memory when decoding ASN.1 structures. A remote attacker could use this issue to cause OpenSSL to crash, resulting in a denial of service, or possibly execute arbitrary code. Juraj Somorovsky discovered that OpenSSL incorrectly performed padding when the connection uses the AES CBC cipher and the server supports AES-NI. A remote attacker could possibly use this issue to perform a padding oracle attack and decrypt traffic. Various other issues were also addressed.
Red Hat Security Advisory 2016-0711-01
Red Hat Security Advisory 2016-0711-01 – OpenShift Enterprise by Red Hat is the company’s cloud computing Platform-as-a-Service solution designed for on-premise or private cloud deployments. Jenkins is a continuous integration server that monitors executions of repeated jobs, such as building a software project or jobs run by cron. Security Fix: The Jenkins continuous integration server has been updated to upstream version 1.642.2 LTS, which addresses a large number of security issues, including XSS, CSRF, information disclosure, and code execution.
Slackware Security Advisory – mercurial Updates
Slackware Security Advisory – New mercurial packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, and -current to fix a security issue.
Debian Security Advisory 3566-1
Debian Linux Security Advisory 3566-1 – Several vulnerabilities were discovered in OpenSSL, a Secure Sockets Layer toolkit.
Red Hat Security Advisory 2016-0716-01
Red Hat Security Advisory 2016-0716-01 – IBM Java SE version 8 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update upgrades IBM Java SE 8 to version 8 SR3. Security Fix: This update fixes multiple vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit.
Moxa MiiNePort Weak Credential Management / CSRF
Moxa MiiNePort suffers from cross-site request forgery, weak credential management, and sensitive information protection vulnerabilities.
CONFidence 2016 Call For Papers
CONFidence 2016 Call For Papers – This conference will take place from May 19th through the 20th, 2016 in Krakow, Poland.
Apple Releases Security Update
Original release date: May 03, 2016
Apple has released a security update for Xcode to address two vulnerabilities. Exploitation of either of these vulnerabilities may allow a remote attacker to take control of an affected system.
Users and administrators are encouraged to review the Apple security update for Xcode and update to version 7.3.1 for OS X El Capitan v10.11 and later.
Bugtraq: LSE Leading Security Experts GmbH – LSE-2016-02-03 – OXID eShop Path Traversal Vulnerability