Slackware Security Advisory – New mozilla-firefox packages are available for Slackware 14.1 and -current to fix security issues.
Category Archives: Security
Debian Security Advisory 3039-1
Debian Linux Security Advisory 3039-1 – Several vulnerabilities were discovered in the chromium web browser.
CVE-2014-4330
The Dumper method in Data::Dumper before 2.154, as used in Perl 5.20.1 and earlier, allows context-dependent attackers to cause a denial of service (stack consumption and crash) via an Array-Reference with many nested Array-References, which triggers a large number of recursive calls to the DD_dump function. (CVSS: 2.1) (Last Update: 2014-10-01)
DSA-3040 rsyslog – security update
Rainer Gerhards, the rsyslog project leader, reported a vulnerability in Rsyslog, a system for log processing. As a consequence of this vulnerability an attacker can send malformed messages to a server, if this one accepts data from untrusted sources, and trigger a denial of service attack.
Bacula-web 5.2.10 SQL Injection
Bacula-web version 5.2.10 suffers from a remote SQL injection vulnerability.
Apple Patches Shellshock Vulnerability in Bash for OS X
Apple released its patch for the Bash vulnerability, repairing versions of OS X vulnerable to Shellshock exploits.
ManageEngine OpManager / Social IT Arbitrary File Upload
This Metasploit module exploits a file upload vulnerability in ManageEngine OpManager and Social IT. The vulnerability exists in the FileCollector servlet which accepts unauthenticated file uploads. This Metasploit module has been tested successfully on OpManager v8.8 – v11.3 and on version 11.0 of SocialIT for Windows and Linux.
WPScan Vulnerability Database a New WordPress Security Resource
Researcher Ryan Dewhurst released the WPScan Vulnerability Database, a database housing security vulnerabilities in WordPress core code, plug-ins and themes. It’s available for pen-testers, WordPress administrators and developers.
ManageEngine Code Execution / File Deletion
ManageEngine OpManager, Social IT Plus, and IT360 suffer from remote code execution via upload and arbitrary file deletion vulnerabilities.
[ MDVA-2014:016 ] java-1.7.0-openjdk
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Advisory                                   MDVA-2014:016
http://www.mandriva.com/en/support/security/
_______________________________________________________________________

Package : java-1.7.0-openjdk
Date    : September 29, 2014
Affected: Business Server 1.0
_______________________________________________________________________

Problem Description:

Updated java-1.7.0-openjdk packages fix an upstream regression:

This update provides IcedTea 2.5.2, which fixes several bugs, most notably regressions in the previous release which broke Groovy and several other Java tools and applications.
_______________________________________________________________________

References:

http://blog.fuseyism.com/index.php/2014/09/02/icedtea-2-5-2-released-back-in-the-groovy/
http://advisories.mageia.org/MGAA-2014-0172.html
_____________________________________________