Monthly Archives: March 2016

CentOS

CESA-2016:0302 Important CentOS 5 opensslSecurity Update

CentOS Errata and Security Advisory 2016:0302 Important

Upstream details at : https://rhn.redhat.com/errata/RHSA-2016-0302.html

The following updated files have been uploaded and are currently 
syncing to the mirrors: ( sha256sum Filename ) 

i386:
045550a5b7552b7a9cd5ea7a1f866de367e3bf677d240925d633a1b7938cd07a  openssl-0.9.8e-39.el5_11.i386.rpm
8c73a864ce991ba4e6c950cc6ca642c09a7753fc5aa793a0a23e683ba5df99e9  openssl-0.9.8e-39.el5_11.i686.rpm
230b07861835e3a65052e45b617a73cbbd3057c6db38d315dbed7b3d01f1fba6  openssl-devel-0.9.8e-39.el5_11.i386.rpm
c63d611b4519928413ed611a020d7e7113ccbf6890b264b4b8399f9af7bf6140  openssl-perl-0.9.8e-39.el5_11.i386.rpm

x86_64:
8c73a864ce991ba4e6c950cc6ca642c09a7753fc5aa793a0a23e683ba5df99e9  openssl-0.9.8e-39.el5_11.i686.rpm
d7e159cfd9e991adf152df48cb97751c8a26601b1f3f3a70a3e137efb05e0c35  openssl-0.9.8e-39.el5_11.x86_64.rpm
230b07861835e3a65052e45b617a73cbbd3057c6db38d315dbed7b3d01f1fba6  openssl-devel-0.9.8e-39.el5_11.i386.rpm
f6bc29a1ab08303174206210af09b37ec53f0c0d643f18bf98427b20f2cb4a67  openssl-devel-0.9.8e-39.el5_11.x86_64.rpm
7953dcc480ff7815f39943f62fc848b3ce7ecb66217d2829332d95be4400c13d  openssl-perl-0.9.8e-39.el5_11.x86_64.rpm

Source:
e0dab71e400c340b8eed7770c582ce6f3768888a61b4c492411d20e81ae1a9a6  openssl-0.9.8e-39.el5_11.src.rpm
CentOS

CESA-2016:0301 Important CentOS 7 opensslSecurity Update

CentOS Errata and Security Advisory 2016:0301 Important

Upstream details at : https://rhn.redhat.com/errata/RHSA-2016-0301.html

The following updated files have been uploaded and are currently 
syncing to the mirrors: ( sha256sum Filename ) 

x86_64:
b2aaed03ed2d01d2a6482ed97a95aec0545ffc4c00ad46c7cafc10c9554e1b58  openssl-1.0.1e-51.el7_2.4.x86_64.rpm
b1aa349c2ea3a99cc65d031850d415b7feb7924f0a121593c12b439934440eb4  openssl-devel-1.0.1e-51.el7_2.4.i686.rpm
3e194452a2616702ee91e791b163b739d012da52957f6e91927de9d554e4e203  openssl-devel-1.0.1e-51.el7_2.4.x86_64.rpm
2e193ea886626e3e8b151f905920503e2e505cc2bdfef31a8d38a581c99e210f  openssl-libs-1.0.1e-51.el7_2.4.i686.rpm
249cc7d68c0d8d48a26b50066ed29da2d70c7a573d23dc566ee7c99f5c5f71c9  openssl-libs-1.0.1e-51.el7_2.4.x86_64.rpm
61cfe9edcb1d521b2978fee1acda2a9cba73f2c371bc9217b44bd527569938c5  openssl-perl-1.0.1e-51.el7_2.4.x86_64.rpm
a5d2395db7a0c87d069e3fc80e55deacffeea5acc5162058075a746871954ce7  openssl-static-1.0.1e-51.el7_2.4.i686.rpm
e48dd73a4f9bc7d3b6617842414a1b50fc086c720795451ca4795ecd08ba3b22  openssl-static-1.0.1e-51.el7_2.4.x86_64.rpm

Source:
26fa86503898fa5fcf91188aa6f56172ea1896e4d4943bd407aa54d21d330618  openssl-1.0.1e-51.el7_2.4.src.rpm
CentOS

CESA-2016:0301 Important CentOS 6 opensslSecurity Update

CentOS Errata and Security Advisory 2016:0301 Important

Upstream details at : https://rhn.redhat.com/errata/RHSA-2016-0301.html

The following updated files have been uploaded and are currently 
syncing to the mirrors: ( sha256sum Filename ) 

i386:
31cacdfe88b5e4b420bd2dd1fe6b491b35a2a57c7e3b4ef5b960573b095fc519  openssl-1.0.1e-42.el6_7.4.i686.rpm
a57701c0598a7c91de1eac55fa5b6ffe2bc096c07f757723d6de65dd092dbc66  openssl-devel-1.0.1e-42.el6_7.4.i686.rpm
3e62aef02b5a465d587a3c3dfec494b27d55ec2a5dac0a13e6ac842188728d66  openssl-perl-1.0.1e-42.el6_7.4.i686.rpm
621cd98e6d221febb477906443a1692afd64ffcc79cb843a146ee4583e7224f7  openssl-static-1.0.1e-42.el6_7.4.i686.rpm

x86_64:
31cacdfe88b5e4b420bd2dd1fe6b491b35a2a57c7e3b4ef5b960573b095fc519  openssl-1.0.1e-42.el6_7.4.i686.rpm
e5fc87d5031ea23db0eb2be92743a557d8574caa583fad6a1cd16a757ed436f3  openssl-1.0.1e-42.el6_7.4.x86_64.rpm
a57701c0598a7c91de1eac55fa5b6ffe2bc096c07f757723d6de65dd092dbc66  openssl-devel-1.0.1e-42.el6_7.4.i686.rpm
17b6a4dbe2f844d3944fa7c4cafe9ccf4d54a8dc23d26201a513fc86bd08d256  openssl-devel-1.0.1e-42.el6_7.4.x86_64.rpm
4b9ec40e680ad72d6134283f3ab6179d2c4c8a34433aed4f42c5117bfeb300a5  openssl-perl-1.0.1e-42.el6_7.4.x86_64.rpm
aaaf4d42ef5f48f424ed9d6d04744e906a15d3ae66097bcd3ec60be226879cd6  openssl-static-1.0.1e-42.el6_7.4.x86_64.rpm

Source:
152d1ec6f40854680bbad1524f2b7766c8f583de6b1a136b635ec9b257d4b088  openssl-1.0.1e-42.el6_7.4.src.rpm
US-CERT

OpenSSL Releases Security Advisory

Original release date: March 01, 2016

OpenSSL has released updates to address vulnerabilities in prior versions. Exploitation of some of these vulnerabilities may allow a remote attacker to obtain sensitive information. Updates available include:

  • OpenSSL 1.0.2g for 1.0.2 users
  • OpenSSL 1.0.1s for 1.0.1 users

Users and administrators are encouraged to review the OpenSSL Security Advisory and apply the necessary updates.

 

This product is provided subject to this Notification and this Privacy & Use policy.

Avira

Locky ransomware is dead, long live Locky

Even if Locky is no longer a hot news story, the financial success of this ransomware for the cybercriminals means that it – or a new and improved version of it – will be coming around again. Here are four lessons to be learned from the latest round of ransomware.

The post Locky ransomware is dead, long live Locky appeared first on Avira Blog.

Security

ATutor 2.2.1 SQL Injection / Remote Code Execution

This Metasploit module exploits a SQL Injection vulnerability and an authentication weakness vulnerability in ATutor. This essentially means an attacker can bypass authentication and reach the administrators interface where they can upload malicious code. You are required to login to the target to reach the SQL Injection, however this can be done as a student account and remote registration is enabled by default.