Monthly Archives: December 2014
Fedora EPEL 6 Security Update: libssh-0.5.5-3.el6
Security fix for CVE-2014-8132.
Resolved Bugs
1158089 – CVE-2014-8132 libssh: Possible double free on a dangling pointer with crafted kexinit packet
1176145 – CVE-2014-8132 libssh: Possible double free on a dangling pointer with crafted kexinit packet [fedora-all]
FTC Releases "Package Delivery" Themed Scam Alert
Original release date: December 19, 2014
The Federal Trade Commission (FTC) has released a Scam Alert addressing a “Package Delivery” themed phishing campaign regarding package delivery notifications from the U.S. Postal Service. Scam operators often use false information linked to reputable organizations to imply the email is legitimate.
Users are encouraged to review the FTC Scam Alert for details, and refer to the Recognizing and Avoiding Email Scams Publication for information on email scams.
CVE-2013-7401
The parse_request function in request.c in c-icap 0.2.x allows remote attackers to cause a denial of service (crash) via a URI without a " " or "?" character in an ICAP request, as demonstrated by use of the OPTIONS method.
JasPer 1.900.1 Double-Free / Heap Overflow
The JasPer project is an open source implementation of the JPEG-2000 codec. The library is affected by a double-free vulnerability in the function jas_iccattrval_destroy() as well as a heap-based buffer overflow in the function jp2_decode(). A specially crafted jp2 file can be used to trigger the vulnerabilities. Versions 1.900.1 and below are affected.
Top Cybersecurity Issues of 2014: Overrated or Underrated? – Software Advice
CVE-2014-5212
Cross-site scripting (XSS) vulnerability in nds/search/data in iMonitor in Novell eDirectory before 8.8 SP8 Patch 4 allows remote attackers to inject arbitrary web script or HTML via the rdn parameter.
CVE-2014-5213
nds/files/opt/novell/eDirectory/lib64/ndsimon/public/images in iMonitor in Novell eDirectory before 8.8 SP8 Patch 4 allows remote authenticated users to obtain sensitive information from process memory via a direct request.
FBI Believes North Korea Is Behind The Sony Attack
Exploits Circulating for Remote Code Execution Flaws in NTP Protocol
Researchers at Google have uncovered several serious vulnerabilities in the Network Time Protocol, and experts warn that exploits are publicly available for some of the bugs. The vulnerabilities are present in all versions of NTP prior to 4.2.8 and include several remotely exploitable buffer overflows. NTP is a protocol that’s used […]