New OpenSSL double-free and invalid free vulnerabilities in X509 parsing

Posted by Guido Vranken on Oct 12

These vulnerabilities were found in the latest OpenSSL (1.1.0b).
Triggering these vulnerabilities is not trivial — they rely on memory
shortages (malloc/realloc failures) or failing to acquire a thread
lock while the X509 data is being parsed. Possibly exploitation can be
achieved by exploiting a memory leak/accumulation (such as the
recently discovered CVE-2016-6304). Proof of concepts and more
extensive commentary at the link below….

[SYSS-2016-074] Logitech Wireless Presenter R400 – Insufficient Verification of Data Authenticity (CWE-345), Keystroke Injection Vulnerability

Posted by Matthias Deeg on Oct 12

Advisory ID: SYSS-2016-074
Product: Wireless Presenter R400
Manufacturer: Logitech
Affected Version(s): Model R-R0008
Tested Version(s): Model R-R0008
Vulnerability Type: Insufficient Verification of Data Authenticity (CWE-345), Keystroke Injection Vulnerability
Risk Level: High
Solution Status: Open
Manufacturer Notification: 2016-08-12
Solution Date: –
Public Disclosure: 2016-10-12
CVE Reference: Not yet assigned
Authors of…

[SYSS-2016-075] Targus Multimedia Presentation Remote – Insufficient Verification of Data Authenticity (CWE-345), Mouse Spoofing Attack

Posted by Matthias Deeg on Oct 12

Advisory ID: SYSS-2016-075
Product: Multimedia Presentation Remote
Manufacturer: Targus
Affected Version(s): Model AMP09-EU
Tested Version(s): Model AMP09-EU
Vulnerability Type: Insufficient Verification of Data Authenticity (CWE-345), Mouse Spoofing Attack
Risk Level: Medium
Solution Status: Open
Manufacturer Notification: 2016-08-16
Solution Date: –
Public Disclosure: 2016-10-12
CVE Reference: Not yet assigned
Authors of…

Microsoft Patches 5 Zero-Day Vulnerabilities Being Exploited in the Wild

Microsoft has released its monthly Patch Tuesday update, which includes a total of 10 security bulletins, and you are required to apply the whole package of patches together, whether you like it or not.

That’s because the company is kicking off a controversial new all-or-nothing patch model this month by packaging all security updates into a single payload, removing your ability to pick and choose

USN-3097-1: Linux kernel vulnerabilities

Ubuntu Security Notice USN-3097-1

10th October, 2016

linux vulnerabilities

A security issue affects these releases of Ubuntu and its
derivatives:

  • Ubuntu 12.04 LTS

Summary

Several security issues were fixed in the kernel.

Software description

  • linux
    – Linux kernel

Details

Marco Grassi discovered a use-after-free condition could occur in the TCP
retransmit queue handling code in the Linux kernel. A local attacker could
use this to cause a denial of service (system crash) or possibly execute
arbitrary code. (CVE-2016-6828)

Pengfei Wang discovered a race condition in the audit subsystem in the
Linux kernel. A local attacker could use this to corrupt audit logs or
disrupt system-call auditing. (CVE-2016-6136)

Pengfei Wang discovered a race condition in the Adaptec AAC RAID controller
driver in the Linux kernel when handling ioctl()s. A local attacker could
use this to cause a denial of service (system crash). (CVE-2016-6480)

Update instructions

The problem can be corrected by updating your system to the following
package version:

Ubuntu 12.04 LTS:
  linux-image-3.2.0-111-virtual         3.2.0-111.153
  linux-image-3.2.0-111-generic-pae     3.2.0-111.153
  linux-image-3.2.0-111-highbank        3.2.0-111.153
  linux-image-3.2.0-111-powerpc-smp     3.2.0-111.153
  linux-image-3.2.0-111-omap            3.2.0-111.153
  linux-image-3.2.0-111-powerpc64-smp   3.2.0-111.153
  linux-image-3.2.0-111-generic         3.2.0-111.153

To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.

References

CVE-2016-6136, CVE-2016-6480, CVE-2016-6828