CVE-2013-1830 (fedora, moodle)

user/view.php in Moodle through 2.1.10, 2.2.x before 2.2.8, 2.3.x before 2.3.5, and 2.4.x before 2.4.2 does not enforce the forceloginforprofiles setting, which allows remote attackers to obtain sensitive course-profile information by leveraging the guest role, as demonstrated by a Google search.

CVE-2013-1427

The configuration file for the FastCGI PHP support for lighttpd before 1.4.28 on Debian GNU/Linux creates a socket file with a predictable name in /tmp, which allows local users to hijack the PHP control socket and perform unauthorized actions such as forcing the use of a different version of PHP via a symlink attack or a race condition. (CVSS:1.9) (Last Update:2013-03-22)

Backports integrated into the main archive

      Dear users of the backports service!

 The Backports Team is pleased to announce the next important step
on getting backports more integrated.  People who are reading
debian-infrastructure-announce[1] will have seen that there was an
archive maintenance last weekend: starting with wheezy-backports the
packages will be accessible from the regular pool instead of a separate
one.


== For Users ==

 What exactly does that mean for you?  For users of wheezy, the
sources.list entry will be different, a simple substitute of squeeze
for wheezy won't work.  The new format is:

 deb http://ftp.debian.org/debian/ wheezy-backports main

 So it is debian instead of debian-backports, and offered through the
regular mirror network.  Feel invited to check your regular mirror if
it carries backports and pull from there.


== For Contributors ==

 Please read the mail to debian-devel-announce[5] instead. :)

 Just one thing mentioned here:  technically wheezy-backports a

CVE-2013-0074 (silverlight)

Microsoft Silverlight 5, and 5 Developer Runtime, before 5.1.20125.0 does not properly validate pointers during HTML object rendering, which allows remote attackers to execute arbitrary code via a crafted Silverlight application, aka “Silverlight Double Dereference Vulnerability.”