Debian Linux Security Advisory 3051-1 – Stefan Horst discovered a vulnerability in the Drupal database abstraction API, which may result in SQL injection.
Vuln: OpenSSL DTLS CVE-2014-3505 Remote Denial of Service Vulnerability
Vuln: OpenSSL CVE-2014-0224 Man in the Middle Security Bypass Vulnerability
Vuln: OpenSSL DTLS CVE-2014-3510 Remote Denial of Service Vulnerability
CESA-2014:1653 Moderate CentOS 5 openssl Security Update
CentOS Errata and Security Advisory 2014:1653 Moderate (upstream details: https://rhn.redhat.com/errata/RHSA-2014-1653.html). The updated files have been uploaded and are currently syncing to the mirrors.
SAP Netweaver Enqueue Server Trace Pattern Denial Of Service
Core Security Technologies Advisory – A vulnerability has been found in SAP Netweaver that could allow an unauthenticated, remote attacker to create denial of service conditions. The vulnerability is triggered by sending a specially crafted SAP Enqueue Server packet to remote TCP port 32NN (NN being the SAP system number) of a host running the “Standalone Enqueue Server” service, part of SAP Netweaver Application Server ABAP/Java. The “Standalone Enqueue Server” is a critical component of a SAP Netweaver installation in terms of availability, so a denial of service against it renders the whole SAP system unresponsive.
Ebola Phishing Scams and Malware Campaigns
Original release date: October 16, 2014
US-CERT reminds users to protect against email scams and cyber campaigns using the Ebola virus disease (EVD) as a theme. Phishing emails may contain links that direct users to websites which collect personal information such as login credentials, or contain malicious attachments that can infect a system.
Users are encouraged to use caution when encountering these types of email messages and take the following preventative measures to protect themselves:
- Do not follow unsolicited web links or attachments in email messages.
- Maintain up-to-date antivirus software.
- Refer to the Using Caution with Email Attachments Cyber Security Tip for information on safely handling email attachments.
- Refer to the Avoiding Social Engineering and Phishing Attacks Cyber Security Tip for information on social engineering attacks.
Bugtraq: [SECURITY] [DSA 3052-1] wpa security update
Bugtraq: [security bulletin] HPSBMU03126 rev.1 – HP Operations Manager (formerly OpenView Communications Broker), Remote Cross-site Scripting (XSS)
Bugtraq: [security bulletin] HPSBHF03125 rev.1 – HP Next Generation Firewall (NGFW) running Bash Shell, Remote Code Execution