All posts by 007admin

DSA-3031 apt – security update

The Google Security Team discovered a buffer overflow vulnerability in
the HTTP transport code in apt-get. An attacker able to
man-in-the-middle an HTTP request to an apt repository can trigger the
buffer overflow, leading to a crash of the http apt method binary, or
potentially to arbitrary code execution.

Red Hat Security Advisory 2014-1268-01

Red Hat Security Advisory 2014-1268-01 – KVM is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm-rhev package provides the user-space component for running virtual machines using KVM. Two integer overflow flaws were found in the QEMU block driver for QCOW version 1 disk images. A user able to supply a malicious image file to QEMU or to helper tools used in image conversion by services such as glance and nova could potentially use these flaws to cause memory corruption, resulting in a crash or possibly arbitrary code execution.

Debian Security Advisory 3029-1

Debian Linux Security Advisory 3029-1 – Antoine Delignat-Lavaud and Karthikeyan Bhargavan discovered that it was possible to reuse cached SSL sessions in unrelated contexts, allowing virtual host confusion attacks in some configurations by an attacker in a privileged network position.

Ubuntu Security Notice USN-2351-1

Ubuntu Security Notice 2351-1 – Antoine Delignat-Lavaud and Karthikeyan Bhargavan discovered that nginx incorrectly reused cached SSL sessions. An attacker could possibly use this issue in certain configurations to obtain access to information from a different virtual host.

Ubuntu Security Notice USN-2352-1

Ubuntu Security Notice 2352-1 – Simon McVittie discovered that DBus incorrectly handled the file descriptors message limit. A local attacker could use this issue to cause DBus to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only applied to Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. Alban Crequy discovered that DBus incorrectly handled a large number of file descriptor messages. A local attacker could use this issue to cause DBus to stop responding, resulting in a denial of service. This issue only applied to Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. Various other issues were also addressed.

Red Hat Security Advisory 2014-1281-01

Red Hat Security Advisory 2014-1281-01 – The kernel packages contain the Linux kernel, the core of any Linux operating system. An out-of-bounds memory access flaw was found in the Linux kernel’s system call auditing implementation. On a system with existing audit rules defined, a local, unprivileged user could use this flaw to leak kernel memory to user space or, potentially, crash the system.

Join the Avast Beta 2015 and share your feedback

The Avast developers invite you to participate in the Avast 2015 beta test.


Your participation gives the team working on the latest versions of the world’s most trusted security products a chance to hear your voice – what’s working for you and what is not, how you like the experience, if you see performance or connectivity problems, etc. There are multiple new low-level functions which impact the whole system, so we need your feedback to tune everything for the final release.

Two new features introduced in Avast Beta 2015

Avast NG

Avast NG is a hardware-based virtualization solution capable of running each Windows process in a standalone, safe, virtualized environment (VM) which is fully integrated into your desktop. Each process is executed in its own VM instance, which means it’s totally isolated from other applications. This feature is now powering Avast DeepScreen, resulting in better detection. The technology will also power the Sandbox and SafeZone components in the final release.

GrimeFighter Free

GrimeFighter will offer free cleaning of junk files and tuning of system settings. These tasks are performed by our Zilch and Torque minions.

Changes and other new features

  • Home Network Security scans your home network for vulnerabilities like WiFi status, connected devices, and router settings.
  • HTTPS scanning is able to detect and decrypt TLS/SSL protected traffic in our Web-content filtering component. This feature will protect you against viruses coming through HTTPS traffic as well as adding compatibility for SPDY+HTTPS/HTTP 2.0 traffic.
  • SecureDNS protects against DNS Hijack on router/client including unsecured networks, public ones, etc. This feature is active in the paid versions only.
  • Smart Scan integrates all on-demand scans into one scan with different results and recommendations. Includes Antivirus, Browser plugins, Software updates, Home Network, and GrimeFighter.

To learn more about the Avast Beta 2015, what to test, known issues, and to leave comments, visit the avast! Community forum thread dedicated to the beta test.

Avast Beta 2015 installation links

http://files.avast.com/beta9x/avast_free_antivirus_setup.exe
http://files.avast.com/beta9x/avast_pro_antivirus_setup.exe
http://files.avast.com/beta9x/avast_internet_security_setup.exe
http://files.avast.com/beta9x/avast_premier_antivirus_setup.exe
