[ MDVSA-2014:210 ] mariadb
Monthly Archives: October 2014
Bugtraq: phpfusion (Search Page) Denial of Service Vulnerability
MDVSA-2014:210: mariadb
Multiple vulnerabilities have been discovered and corrected in mariadb:
Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier
and 5.6.20 and earlier allows remote authenticated users to affect
availability via vectors related to SERVER:INNODB DML FOREIGN KEYS
(CVE-2014-6464).
Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier
and 5.6.20 and earlier allows remote authenticated users to affect
availability via vectors related to SERVER:OPTIMIZER (CVE-2014-6469).
Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier,
and 5.6.20 and earlier, allows remote authenticated users to affect
confidentiality, integrity, and availability via vectors related to
SERVER:DML (CVE-2014-6507).
Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier
and 5.6.20 and earlier allows remote authenticated users to affect
confidentiality, integrity, and availability via vectors related to
SERVER:DML (CVE-2014-6555).
Unspecified vulnerability in Oracle MySQL Server 5.5.39 and
earlier, and 5.6.20 and earlier, allows remote attackers to affect
confidentiality via vectors related to C API SSL CERTIFICATE HANDLING
(CVE-2014-6559).
The updated packages have been upgraded to the 5.5.40 version which
is not vulnerable to these issues.
Additionally, MariaDB 5.5.40 removed the bundled copy of jemalloc from
the source tarball and only builds with jemalloc if a system copy
of the jemalloc library is detected during the build. This update
provides the jemalloc library packages to resolve this issue.
RHBA-2014:1722-1: ovirt-hosted-engine-ha bug fix update
Red Hat Enterprise Linux: Updated ovirt-hosted-engine-ha packages that fix several bugs are now available.
RHBA-2014:1721-1: vdsm 3.4.3 bug fix and enhancement update
Red Hat Enterprise Linux: Updated vdsm packages that fix several bugs and add various enhancements are now
available.
RHSA-2014:1728-1: Moderate: Red Hat JBoss Enterprise Web Platform 5.2.0 security update
Red Hat Enterprise Linux: Updated packages for Red Hat JBoss Enterprise Web Platform 5.2.0 that fix
one security issue are now available for Red Hat Enterprise Linux 4, 5,
and 6.
Red Hat Product Security has rated this update as having Moderate security
impact. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available from the CVE link in the
References section.
CVE-2013-4517
RHSA-2014:1726-1: Moderate: Red Hat JBoss Enterprise Application Platform 5.2.0 security update
Red Hat Enterprise Linux: Updated packages for Red Hat JBoss Enterprise Application Platform 5.2.0
that fix one security issue are now available for Red Hat Enterprise Linux
4, 5, and 6.
Red Hat Product Security has rated this update as having Moderate security
impact. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available from the CVE link in the
References section.
CVE-2013-4517
RHSA-2014:1724-1: Important: kernel security and bug fix update
Red Hat Enterprise Linux: Updated kernel packages that fix several security issues and bugs are
now available for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having Important security
impact. Common Vulnerability Scoring System (CVSS) base scores, which give
detailed severity ratings, are available for each vulnerability from the
CVE links in the References section.
CVE-2014-3611, CVE-2014-3645, CVE-2014-3646, CVE-2014-4653, CVE-2014-5077
RHBA-2014:1723-1: Red Hat Storage Console 2.1 bug fix update
Red Hat Enterprise Linux: Updated Red Hat Storage Console packages are now available for use with Red Hat
Storage Server 2.1.
DAVOSET v.1.2.1
Posted by MustLive on Oct 28
Hello participants of Mailing List.
After making the public release of DAVOSET
(http://lists.webappsec.org/pipermail/websecurity_lists.webappsec.org/2013-June/008850.html),
I’ve made the next update of the software. On the 23rd of October DAVOSET v.1.2.1
was released – DDoS attacks via other sites execution tool
(http://websecurity.com.ua/davoset/).
Video demonstration of DAVOSET: http://www.youtube.com/watch?v=RKi35-f346I
Also yesterday I opened a…