When opening a Hangul HShow Document (.hpt) and processing a structure within the document, Hancom Office 2014 will use a field from the structure in an operation that can cause the integer to overflow. This result is then used to allocate memory to copy file data in. Due to the lack of bounds checking on the integer, the allocated memory buffer can be made to be undersized at which point the reading of file data will write outside the bounds of the buffer. This can lead to code execution under the context of the application.
Monthly Archives: January 2017
Bugtraq: ESA-2016-157: EMC ScaleIO Multiple Vulnerabilities
ESA-2016-157: EMC ScaleIO Multiple Vulnerabilities
Bugtraq: [SECURITY][UPDATE] CVE-2016-8745 Apache Tomcat Information Disclosure
[SECURITY][UPDATE] CVE-2016-8745 Apache Tomcat Information Disclosure
Bugtraq: [SECURITY] [DSA 3753-1] libvncserver security update
[SECURITY] [DSA 3753-1] libvncserver security update
RHBA-2017:0027-1: openvswitch bug fix update
Red Hat Enterprise Linux: An updated openvswitch package that fixes multiple bugs is now available.
RHBA-2017:0028-1: microcode_ctl bug fix update
Red Hat Enterprise Linux: Updated microcode_ctl packages that fix one bug are now available for Red Hat
Enterprise Linux 7.
USN-3164-1: Exim vulnerability
Ubuntu Security Notice USN-3164-1
5th January, 2017
exim4 vulnerability
A security issue affects these releases of Ubuntu and its
derivatives:
- Ubuntu 16.10
- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS
- Ubuntu 12.04 LTS
Summary
Exim could be made to expose private DKIM signing keys.
Software description
- exim4
– Exim is a mail transport agent
Details
Bjoern Jacke discovered that Exim incorrectly handled DKIM keys. In certain
configurations, private DKIM signing keys could be leaked to the log files.
Update instructions
The problem can be corrected by updating your system to the following
package version:
- Ubuntu 16.10:
-
exim4-daemon-heavy
4.87-3ubuntu1.1
-
exim4-daemon-light
4.87-3ubuntu1.1
- Ubuntu 16.04 LTS:
-
exim4-daemon-heavy
4.86.2-2ubuntu2.1
-
exim4-daemon-light
4.86.2-2ubuntu2.1
- Ubuntu 14.04 LTS:
-
exim4-daemon-heavy
4.82-3ubuntu2.2
-
exim4-daemon-light
4.82-3ubuntu2.2
- Ubuntu 12.04 LTS:
-
exim4-daemon-heavy
4.76-3ubuntu3.4
-
exim4-daemon-light
4.76-3ubuntu3.4
To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.
In general, a standard system update will make all the necessary changes.
References
A new Locky ransomware attack is coming
Locky ransomware, a variant of ransomware that scrambles your files, changes all the names, and then demands payment to unscramble them and release them back to you, has taken a holiday of sorts. Avast detection of Locky shows that attacks have slowed down considerably during the days before Christmas through New Year and leading up to Eastern Orthodox Christmas, which is celebrated in Russia on January 7.
Netgear launches Bug Bounty Program for Hacker; Offering up to $15,000 in Rewards
It might be the easiest bug bounty program ever.
Netgear launched on Thursday a bug bounty program to offer up to $15,000 in rewards to hackers who will find security flaws in its products.
Since criminals have taken aim at a rapidly growing threat surface created by millions of new Internet of things (IoT) devices, it has become crucial to protect routers that contain the keys to the
Hashcat Advanced Password Recovery 3.30 Source Code
Hashcat is an advanced GPU hash cracking utility that includes the World’s fastest md5crypt, phpass, mscash2 and WPA / WPA2 cracker. It also has the first and only GPGPU-based rule engine, focuses on highly iterated modern hashes, single dictionary-based attacks, and more. This is the source code release.