Detection: What you don’t know will hurt you

One of the realities of today’s cybersecurity threatscape is that the question is not if you will be breached, but when, and how often. As good as cybersecurity is becoming (prevention solutions provide a 99.9 percent or higher detection rate for common malware), effective cybersecurity depends upon three pillars: prevention, detection and resolution, with the latter two required to address those situations where prevention isn’t enough.

knot-2.4.1-1.fc25 knot-resolver-1.2.3-1.fc25

Knot Resolver 1.2.3 (2017-02-23)
================================

Bugfixes
--------
- Disable storing GLUE records into the cache even in the
  (non-default) QUERY_PERMISSIVE mode
- iterate: skip answer RRs that don’t match the query
- layer/iterate: some additional processing for referrals
- lib/resolve: zonecut fetching error was fixed

Knot Resolver 1.2.2 (2017-02-10)
================================

Bugfixes:
---------
- Fix -k argument processing to avoid out-of-bounds memory accesses
- lib/resolve: fix zonecut fetching for explicit DS queries
- hints: more NULL checks
- Fix TA bootstrapping for multiple TAs in the IANA XML file

Testing:
--------
- Update tests to run tests with and without QNAME minimization

Knot Resolver 1.2.1 (2017-02-01)
====================================

Security:
---------
- Under certain conditions, a cached negative answer from a CD query
  would be reused to construct response for non-CD queries, resulting
  in Insecure status instead of Bogus. Only 1.2.0 release was affected.

Documentation
-------------
- Update the typo in the documentation: The query trace policy is
  named policy.QTRACE (and not policy.TRACE)

Bugfixes:
---------
- lua: make the map command check its arguments

Knot DNS 2.4.1 (2017-02-10)
===========================

Bugfixes:
---------
- Transfer of a huge rrset goes into an infinite loop
- Huge response over TCP contains useless TC bit instead of SERVFAIL
- Failed to build utilities with disabled daemon
- Memory leaks during keys removal
- Rough TSIG packet reservation causes early truncation
- Minor out-of-bounds string termination write in rrset dump
- Server crash during stop if failed to open timers DB
- Poor minimum UDP-max-size configuration check
- Failed to receive one-record-per-message IXFR-style AXFR
- Kdig timeouts when receiving RCODE != NOERROR on subsequent transfer message

Improvements:
-------------
- Speed-up of rdata addition into a huge rrset
- Introduce check of minimum timeout for next refresh
- Dnsproxy module can forward all queries without local resolving

----

Latest upstream release. Includes bugfixes for DNSSEC key management.

----

Latest upstream versions with a bunch of important bugfixes.

CVE-2017-6061 – SAP BusinessObjects XSS

Posted by NL Deloitte Zero Day (NL – Amsterdam) on Feb 27

Hi list,

We have found a Cross-site scripting vulnerability in SAP BusinessObjects Financial Consolidation.

[Description]
Cross-site scripting (XSS) vulnerability in the help component of SAP
BusinessObjects Financial Consolidation 10.0.0.1933 allows remote
attackers to inject arbitrary web script or HTML via a GET request.

------------------------------------------

[Additional Information]
The help pages of SAP BusinessObjects Financial…

CVE-2016-9892 – Remote Code Execution as Root via ESET Endpoint Antivirus 6

Posted by Jason Geffner on Feb 27

CVE-2016-9892 – Remote Code Execution as Root via ESET Endpoint Antivirus 6
---------------------------------------------------------------------------

Summary
=======
Name: Remote Code Execution as Root via ESET Endpoint Antivirus 6
CVE: CVE-2016-9892
Discoverers: Jason Geffner and Jan Bee
Vendor: ESET
Product: ESET Endpoint Antivirus 6 for macOS
Risk: Critical
Discovery Date: 2016-11-03
Publication Date: 2017-02-27
Fixed Version: 6.4.168.0…

WordPress Plugin Kama Click Counter 3.4.9 – Blind SQL Injection

Posted by Manuel Garcia Cardenas on Feb 27

=============================================
MGC ALERT 2017-002
– Original release date: February 21, 2017
– Last revised: February 28, 2017
– Discovered by: Manuel García Cárdenas
– Severity: 7,1/10 (CVSS Base Score)
=============================================

I. VULNERABILITY
-------------------------
WordPress Plugin Kama Click Counter 3.4.9 – Blind SQL Injection

II. BACKGROUND
-------------------------
Using this plugin you will have…

CVE-2016-8105

Drivers for the Intel Ethernet Controller X710 and Intel Ethernet Controller XL710 families before version 22.0 are vulnerable to a denial of service in certain layer 2 network configurations.

Ubuntu Security Notice USN-3212-1

Ubuntu Security Notice 3212-1 – It was discovered that LibTIFF incorrectly handled certain malformed images. If a user or automated system were tricked into opening a specially crafted image, a remote attacker could crash the application, leading to a denial of service, or possibly execute arbitrary code with user privileges.

Cloudflare, Cloudbleed – or 3,400 reasons of shit happens

Over the course of the last six months, Cloudflare bled a lot of sensitive data. The reason? A bug in its HTML parser that in the end impacted millions of websites. Among other things, they offer DDoS protection and a CDN service. Due to the massive number of affected websites it’s a rather important issue and it’s […]

The post Cloudflare, Cloudbleed – or 3,400 reasons of shit happens appeared first on Avira Blog.