FreeBSD Security Advisory – A special combination of sysarch(2) arguments specifies a request to uninstall a set of descriptors from the LDT. The start descriptor is cleared and the number of descriptors is provided. Due to a lack of sufficient bounds checking during argument validity verification, unbounded zeroing of the process LDT and adjacent memory can be initiated from usermode. This vulnerability could cause the kernel to panic. In addition, it is possible to perform a local Denial of Service against the system by unprivileged processes.
Monthly Archives: October 2016
libpcap 1.8.1
Libpcap is a portable packet capture library which is used in many packet sniffers, including Tcpdump.
HP Thin Pro OS Local Privilege Escalation
HP Thin Pro OS suffers from a local privilege escalation vulnerability.
WhatsApp Video Calling for Android – Download Beta Version Here
WhatsApp is, no doubt, the largest end-to-end encrypted messaging network, allowing over a billion of its users to send messages, photos, videos, voice messages, documents, and calls that are secure from falling into the wrong hands.
And now it seems like WhatsApp is rolling out a much-awaited feature for the new beta versions of its Android app: Video Calling.
New beta version 2.16.318 of
AST-2016-007: UPDATE
Posted by Asterisk Security Team on Oct 25
On September 8, the Asterisk development team released the AST-2016-007
security advisory. The security advisory involved an RTP resource
exhaustion that could be targeted due to a flaw in the “allowoverlap”
option of chan_sip. Due to new information presented to us by Walter
Doekes, we have made the following updates to the advisory.
In the “Description” section, the following text has been added:
UPDATE (20 October,…
Joomla! Releases Security Update for CMS
Original release date: October 25, 2016
Joomla! has released version 3.6.4 of its Content Management System (CMS) software to address multiple vulnerabilities. Exploitation of some of these vulnerabilities may allow a remote attacker to take control of an affected website.
Users and administrators are encouraged to review the Joomla! Release News and US-CERT’s Alert on Content Management Systems Security and Associated Risks and apply the necessary update.
Apple Patches iOS Flaw Exploitable by Malicious JPEG
Apple on Monday rolled out dozens of patches including ones for its recently released Sierra operating system, OS X, iOS 10.1, watchOS, and Apple TV’s tvOS, along with fixes for Safari.
Hucky Ransomware: A Hungarian Locky Wannabe
At Avast Threat Labs, we are constantly monitoring the threat landscape and evaluating current risks. Most of the time, we face prevalent strains of malware, such as Locky or Cerber ransomware, but from time to time we are alerted by our automated systems about anomalies within active in-the-wild samples. These alerts are either new techniques used by known malware or a discovery of a new strain.
Joomla! Two Critical Flaws Discovered — Update to Protect Your Site
Joomla, the world’s second most popular open source Content Management System (CMS) software package, has just released the latest version of its CMS, which includes patches for two critical security vulnerabilities and a bug fix.
The two critical flaws, both of which exist in the Joomla Core functionalities, include Account Creation Vulnerability (CVE-2016-8870) and Elevated Privileges
CVE-2016-8289
Unspecified vulnerability in Oracle MySQL 5.7.13 and earlier allows local users to affect integrity and availability via vectors related to Server: InnoDB.
