Ubuntu Security Notice 3228-1 – Guido Vranken discovered that libevent incorrectly handled memory when processing certain data. A remote attacker could possibly use this issue with an application that uses libevent to cause a denial of service, or possibly execute arbitrary code.
Monthly Archives: March 2017
Ubuntu Security Notice USN-3227-1
Ubuntu Security Notice 3227-1 – It was discovered that ICU incorrectly handled certain memory operations when processing data. If an application using ICU processed crafted data, a remote attacker could possibly cause it to crash or potentially execute arbitrary code with the privileges of the user invoking the program.
Ubuntu Security Notice USN-3226-1
Ubuntu Security Notice 3226-1 – Jerzy Kramarz discovered that icoutils incorrectly handled memory when processing certain files. If a user or automated system were tricked into opening a specially crafted file, an attacker could cause icoutils to crash, resulting in a denial of service, or possibly execute arbitrary code.
Challenges and implications of cybersecurity legislation
Cybersecurity legislation: organization, collaboration and diffusion across the globe, and working towards the popularization of cybersecurity culture
The post Challenges and implications of cybersecurity legislation appeared first on WeLiveSecurity
VirtualBox VM Escape From Shared Folder
There is a security issue in VirtualBox in the shared folder implementation that permits cooperating guests with write access to the same shared folder to gain access to the whole filesystem of the host, at least on Linux hosts.
Mac FindZip ransomware decryption tool unzips your encrypted files
In late February 2017, a new type of ransomware for Mac was discovered. This ransomware, called FindZip, infects users by pretending to be a cracked version of commercial applications, such as Adobe Premiere Pro. Once it infects a Mac, it utilizes ZIP encryption to encrypt documents – the exact same scheme used by the Windows ransomware, Bart, which we decrypted last summer.
libICE-1.0.9-8.fc26
Security fix for CVE-2017-2626
libXdmcp-1.1.2-5.fc26
Security fix for CVE-2017-2625
CVE-2015-6671
Open edX edx-platform before 2015-08-25 requires use of the database for storage of SAML SSO secrets, which makes it easier for context-dependent attackers to obtain sensitive information by leveraging access to a database backup.
CVE-2017-5619
An issue was discovered in Zammad before 1.0.4, 1.1.x before 1.1.3, and 1.2.x before 1.2.1. Attackers can log in with the hashed password itself (e.g., from the DB) instead of the valid password string.