Slackware Security Advisory – New irssi packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, 14.2, and -current to fix security issues.
Monthly Archives: September 2016
Ubuntu Security Notice USN-3085-1
Ubuntu Security Notice 3085-1 – It was discovered that the GDK-PixBuf library did not properly handle specially crafted bmp images, leading to a heap-based buffer overflow. If a user or automated system were tricked into opening a specially crafted bmp file, a remote attacker could use this flaw to cause GDK-PixBuf to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. It was discovered that the GDK-PixBuf library contained an integer overflow when handling certain images. If a user or automated system were tricked into opening a crafted image file, a remote attacker could use this flaw to cause GDK-PixBuf to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. Various other issues were also addressed.
Drupal Core – Critical – Multiple Vulnerabilities – SA-CORE-2016-004
- Advisory ID: DRUPAL-SA-CORE-2016-004
- Project: Drupal core
- Version: 8.x
- Date: 2016-September-21
- Security risk: 18/25 (Critical) AC:Basic/A:User/CI:Some/II:Some/E:Proof/TD:Default
- Vulnerability:
Description
Users without “Administer comments” can set comment visibility on nodes they can edit. (Less critical)
Users who have rights to edit a node, can set the visibility on comments for that node. This should be restricted to those who have the administer comments permission.
Cross-site Scripting in http exceptions (critical)
An attacker could create a specially crafted url, which could execute arbitrary code in the victim’s browser if loaded. Drupal was not properly sanitizing an exception
Full config export can be downloaded without administrative permissions (critical)
The system.temporary route would allow the download of a full config export. The full config export should be limited to those with Export configuration permission.
CVE identifier(s) issued
- A CVE identifier will be requested, and added upon issuance, in accordance with Drupal Security Team processes.
Versions affected
8.x
Solution
Upgrade to Drupal 8.1.10
Reported by
Users without “Administer comments” can set comment visibility on nodes they can edit.
XSS in http exceptions
Full config export can be downloaded without administrative permissions
Fixed by
Users without “Administer comments” can set comment visibility on nodes they can edit.
- Lee Rowlands of the Drupal Security Team
- Stefan Ruijsenaars of the Drupal Security Team
- Andrey Postnikov
- Daniel Wehner
XSS in http exceptions
- xjm of the Drupal Security Team
- Daniel Wehner
- Alex Pott of the Drupal Security Team
- Cash Williams of the Drupal Security Team
- Pere Orga of the Drupal Security Team
- David Snopek of the Drupal Security Team
- Heine Deelstra of the Drupal Security Team
Full config export can be downloaded without administrative permissions
- Nathaniel Catchpole of the Drupal Security Team
- Alex Pott of the Drupal Security Team
- Anton Shubkin
- xjm of the Drupal Security Team
- Peter Wolanin of the Drupal Security Team
Coordinated by
Contact and More Information
The Drupal security team can be reached at security at drupal.org or via the contact form at https://www.drupal.org/contact.
Learn more about the Drupal Security team and their policies, writing secure code for Drupal, and securing your site.
Follow the Drupal Security Team on Twitter at https://twitter.com/drupalsecurity
WordPress Blogs Integration to Existing Websites
Hope you are doing excellent! Do you need an online face where your prospective and existing customers can learn about your business? Or do you find it difficult to upload content and images on your existing website? If yes, this email is surely for you! This is Meghna Tyagi, Business Development Executive of India's leading offshore Website Design and Development service provider, especially in WordPress CMS. A CMMI level 3 NASSCOM certified organization, we are a family of 150+ designers and developers who are always there to amaze clients with our ability to develop high-end WordPress websites, corporate blogs and eCommerce stores from scratch. Moreover, we can also do a makeover of your existing WordPress website, i.e. redesigning or advanced features integration. Some of our offered services are:
• WordPress Website Designing from Scratch.
• WordPress Website Redesigning.
• WordPress Corporate Blog Development.
• WordPress Installation, Integration and Upgrading.
• WordPress Theme Development, Installation and Integration.
• WordPress Blogs Integration to Existing Websites.
• Migrating Existing Websites to WordPress.
• WooCommerce Store Development.
• Advanced Features Integration in Existing WordPress Websites.
Please reply to this email if I can help in any way regarding your WordPress related existing or prospective website. Based on your response, I will use my official email id to initiate further communications with you regarding your project. NOTE:
• The development budget is something that we are flexible about. We have an assorted range of development plans, so you will never have to worry about your budget.
• If you want to see our developed WordPress-based websites, kindly reply back to this email. I will be happy to showcase our past works related to your business.
Looking forward to your positive response. Regards, Meghna Tyagi (Business Development Executive)
Tesla Model S hacked from 12 miles away
A team of researchers was able to hack the controls of a Tesla Model S from a distance of 12 miles – adjusting the mirrors, locks and even slamming on the brakes.
The post Tesla Model S hacked from 12 miles away appeared first on WeLiveSecurity.
Symantec Outdated RAR Decomposer
Symantec Antivirus includes RAR unpacking memory corruption issues that can lead to remote code execution.
Microsoft Office PowerPoint 2010 Invalid Pointer Reference
Microsoft PowerPoint 2010 suffers from an invalid pointer dereference vulnerability.
CVE-2015-8871 (debian_linux, openjpeg)
Use-after-free vulnerability in the opj_j2k_write_mco function in j2k.c in OpenJPEG before 2.1.1 allows remote attackers to have unspecified impact via unknown vectors.
CVE-2016-4300 (enterprise_linux_desktop, enterprise_linux_hpc_node, enterprise_linux_hpc_node_eus, enterprise_linux_server, enterprise_linux_server_aus, enterprise_linux_server_eus, enterprise_linux_workstation, libarchive)
Integer overflow in the read_SubStreamsInfo function in archive_read_support_format_7zip.c in libarchive before 3.2.1 allows remote attackers to execute arbitrary code via a 7zip file with a large number of substreams, which triggers a heap-based buffer overflow.
CVE-2016-4301 (libarchive)
Stack-based buffer overflow in the parse_device function in archive_read_support_format_mtree.c in libarchive before 3.2.1 allows remote attackers to execute arbitrary code via a crafted mtree file.