CentOS Errata and Security Advisory 2016:1217 Critical

Upstream details at : https://rhn.redhat.com/errata/RHSA-2016-1217.html

The following updated files have been uploaded and are currently syncing to the mirrors: ( sha256sum Filename )

i386:
acc8466a5e2e7b4f97e476ef08608babd3957f9dea929ede45436549dd189940 firefox-45.2.0-1.el6.centos.i686.rpm

x86_64:
acc8466a5e2e7b4f97e476ef08608babd3957f9dea929ede45436549dd189940 firefox-45.2.0-1.el6.centos.i686.rpm
3c0badf351a25c811dce868afd434b9341a3da64018937be7bac76c39ecb5a42 firefox-45.2.0-1.el6.centos.x86_64.rpm

Source:
733ca4db9bc0d6dcb4edc0d270299834e4b78b0f115025fd310146ce420380e2 firefox-45.2.0-1.el6.centos.src.rpm
Monthly Archives: June 2016
Comment on CryptoLocker: What Is and How to Avoid it by Suncode
Great article explaining the cryptolocker malware, thanks for sharing
University of Calgary bows down to ransomware demands
The University of Calgary has handed over $20,000 CND to cybercriminals, who had launched a ransomware attack on the institution.
The post University of Calgary bows down to ransomware demands appeared first on We Live Security.
Unpatched D-Link Wi-Fi Camera Flaw Remotely Exploitable
D-Link’s DCS930L Wi-Fi camera has a stack overflow vulnerability that can be remotely exploited.
CVE-2016-2142
Red Hat OpenShift Enterprise 3.1 uses world-readable permissions on the /etc/origin/master/master-config.yaml configuration file, which allows local users to obtain Active Directory credentials by reading the file.
CVE-2016-2149
Red Hat OpenShift Enterprise 3.2 allows remote authenticated users to read log files from another namespace by using the same name as a previously deleted namespace when creating a new namespace.
CVE-2016-2160
Red Hat OpenShift Enterprise 3.2 and OpenShift Origin allow remote authenticated users to execute commands with root privileges by changing the root password in an sti builder image.
CVE-2016-3703
Red Hat OpenShift Enterprise 3.2 and 3.1 do not properly validate the origin of a request when anonymous access is granted to a service/proxy or pod/proxy API for a specific pod, which allows remote attackers to access API credentials in the web browser localStorage via an access_token in the query parameter.
CVE-2016-3708
Red Hat OpenShift Enterprise 3.2, when multi-tenant SDN is enabled and a build is run in a namespace that would normally be isolated from pods in other namespaces, allows remote authenticated users to access network resources on restricted pods via an s2i build with a builder image that (1) contains ONBUILD commands or (2) does not contain a tar binary.
CVE-2016-3711
HAProxy in Red Hat OpenShift Enterprise 3.2 and OpenShift Origin allows local users to obtain the internal IP address of a pod by reading the “OPENSHIFT_[namespace]_SERVERID” cookie.