markup.c in the MXit protocol plugin in libpurple in Pidgin before 2.10.10 allows remote servers to cause a denial of service (application crash) via a large length value in an emoticon response.
Monthly Archives: October 2014
CVE-2014-3696 (pidgin)
nmevent.c in the Novell GroupWise protocol plugin in libpurple in Pidgin before 2.10.10 allows remote servers to cause a denial of service (application crash) via a crafted server message that triggers a large memory allocation.
CVE-2014-4839 (tririga_application_platform)
Cross-site request forgery (CSRF) vulnerability in birtviewer.query in IBM TRIRIGA Application Platform 3.2 and 3.3 before 3.3.0.2, 3.3.1 before 3.3.1.3, 3.3.2 before 3.3.2.2, and 3.4 before 3.4.0.1 allows remote authenticated users to hijack the authentication of arbitrary users for requests that insert XSS sequences.
CVE-2014-3697 (pidgin)
Absolute path traversal vulnerability in the untar_block function in win32/untar.c in Pidgin before 2.10.10 on Windows allows remote attackers to write to arbitrary files via a drive name in a tar archive of a smiley theme.
CVE-2014-4877 (wget)
Absolute path traversal vulnerability in GNU Wget before 1.16, when recursion is enabled, allows remote FTP servers to write to arbitrary files, and consequently execute arbitrary code, via a LIST response that references the same filename within two entries, one of which indicates that the filename is for a symlink.
CVE-2014-6149 (tivoli_application_dependency_discovery_manager)
Directory traversal vulnerability in BIRT-viewer in IBM Tivoli Application Dependency Discovery Manager (TADDM) 7.2.0.0 through 7.2.0.10, 7.2.1.0 through 7.2.1.6, and 7.2.2.0 through 7.2.2.2 allows remote authenticated users to read arbitrary files via unspecified vectors.
Google outlines new security features in Android 5.0
Google has outlined the enhanced security credentials of the upcoming Android 5.0 – nicknamed Lollipop – in an official blog post.
The post Google outlines new security features in Android 5.0 appeared first on We Live Security.
Mandriva Linux Security Advisory 2014-211
Mandriva Linux Security Advisory 2014-211 – A vulnerability was found in the mechanism wpa_cli and hostapd_cli use for executing action scripts. An unsanitized string received from a remote device can be passed to a system() call resulting in arbitrary command execution under the privileges of the wpa_cli/hostapd_cli process (which may be root in common use cases). Using the wpa_supplicant package, systems are exposed to the vulnerability if operating as a WPS registrar.
Fedora 20 Security Update: xml-security-1.5.7-1.fc20
CEBA-2014:1720 CentOS 6 libvirt BugFix Update
CentOS Errata and Bugfix Advisory 2014:1720 Upstream details at: https://rhn.redhat.com/errata/RHBA-2014-1720.html The following updated files have been uploaded and are currently syncing to the mirrors.