Monthly Archives: January 2017
GLSA 201701-31: flex: Potential insecure code generation
GLSA 201701-32: phpMyAdmin: Multiple vulnerabilities
CVE-2017-0003
Microsoft Word 2016 and SharePoint Enterprise Server 2016 allow remote attackers to execute arbitrary code via a crafted document, aka “Microsoft Office Memory Corruption Vulnerability.”
CVE-2017-0004
The Local Security Authority Subsystem Service (LSASS) in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to cause a denial of service (reboot) via a crafted authentication request, aka “Local Security Authority Subsystem Service Denial of Service Vulnerability.”
CVE-2017-0002 (edge)
Microsoft Edge allows remote attackers to bypass the Same Origin Policy via vectors involving the about:blank URL and data: URLs, aka “Microsoft Edge Elevation of Privilege Vulnerability.”
Microsoft Issues Record Low Number of Patch Tuesday Bulletins
Microsoft patched vulnerabilities that were tied to a variety of its products including Office 2016, its Edge browser and its Local Security Authority Subsystem Service (LSASS).
libgit2-0.24.6-1.fc25
Update to 0.24.6
libgit2-0.24.6-1.fc24
Update to 0.24.6
Amazon Echo and the Alexa dollhouses: Security tips and takeaways
Tips on securing the Alexa service on Amazon Echo devices, notably voice purchasing, a topic brought into focus by the recent “San Diego dollhouse TV story”.
The post Amazon Echo and the Alexa dollhouses: Security tips and takeaways appeared first on WeLiveSecurity
