Ektron CMS 9.10 SP1 – XSS Vulnerability
Monthly Archives: June 2015
Bugtraq: WebDrive Buffer OverFlow PoC
WebDrive Buffer OverFlow PoC
Bugtraq: CVE-2015-4038 – WordPress WP Membership plugin [Privilege escalation]
CVE-2015-4038 – WordPress WP Membership plugin [Privilege escalation]
Bugtraq: CVE-2015-4039 – WordPress WP Membership plugin [Stored XSS]
CVE-2015-4039 – WordPress WP Membership plugin [Stored XSS]
RHBA-2015:1040-1: Red Hat Satellite bug fix update
RHN Satellite and Proxy: Updated spacewalk-java, spacewalk-utils, satellite-schema, satellite-branding,
cobbler, and spacecmd packages that fix several bugs are now available for Red
Hat Satellite 5.7.
RHBA-2015:1039-1: chromium-browser bug fix and enhancement update
Red Hat Enterprise Linux: Updated chromium-browser packages that fix several bugs and add various
enhancements are now available for Red Hat Enterprise Linux 6.
RHBA-2015:1038-1: sanlock bug fix update
Red Hat Enterprise Linux: Updated sanlock packages that fix one bug are now available for Red Hat
Enterprise Linux 6.
USN-2623-1: ipsec-tools vulnerability
Ubuntu Security Notice USN-2623-1
1st June, 2015
ipsec-tools vulnerability
A security issue affects these releases of Ubuntu and its
derivatives:
- Ubuntu 12.04 LTS
Summary
ipsec-tools could be made to crash if it received specially crafted network
traffic.
Software description
- ipsec-tools – IPsec tools for Linux
Details
It was discovered that racoon, the ipsec-tools IKE daemon, incorrectly
handled certain UDP packets. A remote attacker could use this issue to
cause racoon to crash, resulting in a denial of service.
Update instructions
The problem can be corrected by updating your system to the following
package version:
- Ubuntu 12.04 LTS:
  - racoon 1:0.8.0-9ubuntu1.1
To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.
In general, a standard system update will make all the necessary changes.
USN-2624-1: OpenSSL update
Ubuntu Security Notice USN-2624-1
1st June, 2015
openssl update
A security issue affects these releases of Ubuntu and its
derivatives:
- Ubuntu 15.04
- Ubuntu 14.10
- Ubuntu 14.04 LTS
- Ubuntu 12.04 LTS
Summary
The export cipher suites have been disabled in OpenSSL.
Software description
- openssl – Secure Socket Layer (SSL) cryptographic library and tools
Details
As a security improvement, this update removes the export cipher suites
from the default cipher list to prevent their use in possible downgrade
attacks.
Update instructions
The problem can be corrected by updating your system to the following
package version:
- Ubuntu 15.04:
  - libssl1.0.0 1.0.1f-1ubuntu11.1
- Ubuntu 14.10:
  - libssl1.0.0 1.0.1f-1ubuntu9.5
- Ubuntu 14.04 LTS:
  - libssl1.0.0 1.0.1f-1ubuntu2.12
- Ubuntu 12.04 LTS:
  - libssl1.0.0 1.0.1-4ubuntu5.28
To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.
After a standard system update you need to reboot your computer to make
all the necessary changes.
t2'15: Call for Papers 2015 (Helsinki / Finland)
Posted by Tomi Tuominen on Jun 02
#
# t2’15 – Call For Papers (Helsinki, Finland) – October 29 – 30, 2015
#
Why spend your valuable conference time in the longest lines you have seen in your life, getting a sunburn or totally
lost in the canals with your rental boat, being deprived of chewing gum or waking up in Nong Palai without any
recollection how you got there? Helsinki offers you the safe and comfortable low-temperature alternative with a chance
of first snow….