Red Hat Security Advisory 2017-0868-01 – Red Hat JBoss Fuse, based on Apache ServiceMix, provides a small-footprint, flexible, open source enterprise service bus and integration platform. Red Hat JBoss A-MQ, based on Apache ActiveMQ, is a standards compliant messaging system that is tailored for use in mission critical applications. This patch is an update to Red Hat JBoss Fuse 6.3 and Red Hat JBoss A-MQ 6.3. It includes bug fixes and enhancements, which are documented in the readme.txt file included with the patch files. Multiple security issues have been addressed.
Monthly Archives: April 2017
Ubuntu Security Notice USN-3253-1
Ubuntu Security Notice 3253-1 – It was discovered that Nagios incorrectly handled certain long strings. A remote authenticated attacker could use this issue to cause Nagios to crash, resulting in a denial of service, or possibly obtain sensitive information. It was discovered that Nagios incorrectly handled certain long messages to cmd.cgi. A remote attacker could possibly use this issue to cause Nagios to crash, resulting in a denial of service. Various other issues were also addressed.
CVE-2017-7410
Multiple SQL injection vulnerabilities in account/signup.php and account/signup2.php in WebsiteBaker 2.10.0 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) username, (2) display_name parameter.
Security Analyst Summit 2017 Day One Recap
Mike Mimoso and Chris Brook recap the first day of this year’s Security Analyst Summit, including Mark Dowd’s memory corruption bug keynote, the digital archeology around Moonlight Maze, ATM hacking, and the Lazarus APT.
CVE-2017-5685
The BIOS in Intel NUC systems based on 6th Gen Intel Core processors prior to version KY0045 may allow may allow an attacker with physical access to the system to gain access to personal information.
CVE-2017-5686
The BIOS in Intel NUC systems based on 6th Gen Intel Core processors prior to version SY0059 may allow may allow an attacker with physical access to the system to gain access to personal information.
CVE-2017-5684
The BIOS in Intel Compute Stick systems based on 6th Gen Intel Core processors prior to version CC047 may allow an attacker with physical access to the system to gain access to personal information.
Cross-site request forgery (CSRF) vulnerability in the D-Link (DIR 615 ) Wireless Router Firmware:20.09
Posted by pratik shah on Apr 03
*Title:*
====
D-Link DIR 615 HW: T1 FW:20.09 is vulnerable to Cross-Site Request Forgery
(CSRF) vulnerability
*Credit:*
======
Name: Pratik S. Shah
*Reference:*
=========
CVE Details: CVE-2017-7398.
*Date:*
====
1-04-2017
*Vendor:*
======
D-Link wireless router
*Product:*
=======
DIR-615
*Affected Version:*
=============
Hardware: T1 , Firmware: 20.09
*Abstract:*
=======
D-Link DIR 615 (HW: T1 FW:20.09) is vulnerable to Cross-Site…
APPLE-SA-2017-04-03-1 iOS 10.3.1
Posted by Apple Product Security on Apr 03
APPLE-SA-2017-04-03-1 iOS 10.3.1
iOS 10.3.1 is now available and addresses the following:
Wi-Fi
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Impact: An attacker within range may be able to execute
arbitrary code on the Wi-Fi chip
Description: A stack buffer overflow was addressed through improved
input validation.
CVE-2017-6975: Gal Beniamini of Google Project Zero
Installation…
CVE Request — mapr: information disclosure vulnerability
Posted by Mark Felder on Apr 03
Hello,
The mapr web frontend component creates an information disclosure
vulnerability. During the setup of mapr the configure.sh script calls a
function ConfigureWSRole:
function ConfigureWSRole() {
if [ $clientOnly -eq 0 -a $dontChangeSecurityPermissionsOn -eq 0 ];
then
ConfigureRunUserForWS
fi
This calls ConfigureRunUserForWS from configure-common.sh:
function ConfigureRunUserForWS() {
local val=`getent group shadow…