This archive contains 227 exploits that were added to Packet Storm in August, 2015.
Monthly Archives: August 2015
Ubuntu Security Notice USN-2726-1
Ubuntu Security Notice 2726-1 – It was discovered that Expat incorrectly handled malformed XML data. If a user or application linked against Expat were tricked into opening a crafted XML file, an attacker could cause a denial of service, or possibly execute arbitrary code.
HP Security Bulletin HPSBMU03401 1
HP Security Bulletin HPSBMU03401 1 – Potential security vulnerabilities have been identified in HP Operations Manager for UNIX and Linux. The TLS vulnerability using US export-grade 512-bit keys in Diffie-Hellman key exchange known as “Logjam” could be exploited remotely to allow unauthorized modification. The RC4 stream cipher vulnerability in SSL/TLS known as “Bar Mitzvah” could be exploited remotely to allow disclosure of information. Revision 1 of this advisory.
HP Security Bulletin HPSBGN03403 1
HP Security Bulletin HPSBGN03403 1 – A potential security vulnerability has been identified in HP Virtualization Performance Viewer. The RC4 stream cipher vulnerability in SSL/TLS known as “Bar Mitzvah” could be exploited remotely to allow unauthorized disclosure of information. Revision 1 of this advisory.
Red Hat Security Advisory 2015-1694-01
Red Hat Security Advisory 2015-1694-01 – gdk-pixbuf is an image loading library that can be extended by loadable modules for new image formats. It is used by toolkits such as GTK+ or clutter. An integer overflow, leading to a heap-based buffer overflow, was found in the way gdk-pixbuf, an image loading library for GNOME, scaled certain bitmap format images. An attacker could use a specially crafted BMP image file that, when processed by an application compiled against the gdk-pixbuf library, would cause that application to crash or execute arbitrary code with the permissions of the user running the application.
Red Hat Security Advisory 2015-1695-01
Red Hat Security Advisory 2015-1695-01 – jakarta-taglibs-standard is the Java Standard Tag Library. This library is used in conjunction with Tomcat and Java Server Pages. It was found that the Java Standard Tag Library allowed the processing of untrusted XML documents to utilize external entity references, which could access resources on the host system and, potentially, allow arbitrary code execution. Note: jakarta-taglibs-standard users may need to take additional steps after applying this update.
Debian Security Advisory 3346-1
Debian Linux Security Advisory 3346-1 – Several vulnerabilities were discovered in Drupal, a content management framework.
Red Hat Security Advisory 2015-1697-01
Red Hat Security Advisory 2015-1697-01 – In accordance with the Red Hat Storage Support Life Cycle policy, the Red Hat Storage 2.1 offering will be retired as of October 31, 2015, and support will no longer be provided. Accordingly, Red Hat will not provide extended support for this product, including Critical impact security patches or urgent priority bug fixes, after this date.
Back to school: Are you prepared?
Parents everywhere have been preparing for the back to school rush. It’s a ritual of making sure that the children are equipped with new backpacks, new binders, sports gear and uniforms and so on. For some parents, there is the complexity of purchasing a new laptop or tablet and having to decide which one to buy.
If you are still in the depths of deciding which device to purchase, my earlier blog may help you and can be found here: 7 tips for picking the right back to school device.
I sent my son off to school with the same laptop he had last year. If you’re doing the same, I recommend you take the time to ensure it’s working as expected and in a clean state – just like you would with the backpacks and other gear.
As part of being a responsible parent, it’s important to have visibility to what our kids are doing on those laptops and tablets, especially on hand-held devices such as a smartphone. While we don’t want to be intrusive, we do want to ensure our kids are being safe online and are using these connected devices in a responsible and mature way.
I feel that what kids do online is ultimately the parent’s responsibility. Just like children are taught to cross the road safely, guidance is needed in the online world. Some schools have even supported this notion by requiring parents to sign a school acceptable usage policy, which makes them responsible. See my previous blog on this: Parents, have you signed a school digital policy?
AVG recently commissioned a Harris Poll which asked parents in the United States about their monitoring habits. First, 85% of parents said that their 3-17 year old does indeed have their own device – and most of them got that device by the 7th grade (or age 11)! I’d be willing to bet that the remaining 15% are in the younger age group because when we’re talking about older children, I believe it’s really closer to 100%.
Are parents looking and monitoring those gadgets? 88% of U.S. parents say they do check their child’s activity online with more than 60% checking at least once a week. However, about 1 in 10 never check their child’s text messages, emails, social media, etc. Some say because they believe it’s an invasion of privacy. When my son was younger, he always used devices in a public setting in the home like the living room or the kitchen and, as a minor, we didn’t consider his online use needing to be private. Now that he’s older, I give him a lot more space.
More than half don’t know the password of their kid’s device. I think in reality though, parents may think they know the password but when the device is placed in front of them and they are asked to unlock it, many probably couldn’t.
In my family environment we encourage dialogue about being online and it is understood to be a privilege to have devices. And it’s understood that if I want to have a look then I can. We also have other rules that mean no devices after 9pm, not in bedrooms and never at the meal table. Every family will have different rules but keeping some family time without devices is a good thing, especially if all the adults participate.
As your child heads off to school in the coming weeks, remember that the devices they are carrying are a learning tool. In the same way their text books and notebooks need to be in good order, so does their technology. Making sure they are performing well and running securely is a parent’s responsibility; we have some free software that will assist you – AVG Antivirus FREE & AVG Antivirus for Android will do a quick cleanup. To keep those devices working at their optimum, download a trial of AVG PC TuneUp and run the recommended maintenance items.
Good luck with the new school year.
Follow me on Twitter @TonyatAVG
AVG Helps Secure Obi Worldphone Smartphones
SAN FRANCISCO – August 31, 2015 – AVG® Technologies N.V. (NYSE: AVG), the online security company™ for more than 200 million monthly active users, announced today a new global partnership with smartphone manufacturer Obi Worldphone to provide mobile security across its new range of SF1 and SJ1.5 smartphones. Launched in numerous countries worldwide and unveiled at a special event in San Francisco, the devices will come pre-installed with AVG’s flagship AVG AntiVirus PRO for Android™ app, giving Obi Worldphone customers the peace of mind that they can use their devices safely and securely straight out of the box.
“With mobile the primary source of Internet connectivity for many smartphone users in emerging markets, security is becoming an increasing concern for device manufacturers looking to deliver the best experience to their customers,” said David Ferguson, Senior Vice President, Revenue & Business Operations, AVG Technologies. “This partnership enables AVG to further our expansion into some of the markets where we are seeing an increase in mobile phone use, ensuring that we continue to secure and protect people, devices and data across the globe.”
Under the terms of the partnership, Obi Worldphone customers will receive a free, 30-day trial of the AVG AntiVirus PRO for Android™ app. After the trial, customers can either choose to keep the enhanced features by purchasing the annual subscription or use AVG AntiVirus FREE for Android™, which equips their smartphone or tablet with core protection.
“We have partnered with the best in the industry in bringing this new range of devices to market, and AVG is a prime example,” said Neeraj Chauhan, CEO, Obi Mobile, maker of the Obi Worldphone. “With smartphone users increasingly relying on their devices for a whole range of online activities such as gaming, shopping and even more sensitive transactions such as online banking, we are committed to providing safe, secure mobile connectivity for our customers from the outset.”
About AVG Technologies (NYSE: AVG)
AVG is the online security company providing leading software and services to secure devices, data and people. AVG’s award-winning technology is delivered to over 200 million monthly active users worldwide. AVG’s Consumer portfolio includes internet security, performance optimization, and personal privacy and identity protection for mobile devices and desktops. The AVG Business portfolio – delivered by managed service providers, VARs and resellers – offers IT administration, control and reporting, integrated security, and mobile device management that simplify and protect businesses.
All trademarks are the property of their respective owners.
US: Deanna Contreras
Tel: +1 415 371 2001
Rest of World: Zena Martin
Tel: +44 7496 638 342
Press information: http://now.avg.com