-
Advisories - Linux Security
Oct 18, 2019 | 16:04 pm
It was discovered that the Special:Redirect functionality of MediaWiki, a website engine for collaborative work, could expose suppressed user names, resulting in an information leak.
Read more...
-
Operating System: Debian ≈ Packet Storm
Oct 16, 2019 | 17:09 pm
Debian Linux Security Advisory 4544-1 - X41 D-Sec discovered that unbound, a validating, recursive, and caching DNS resolver, did not correctly process some NOTIFY queries. This could lead to remote denial-of-service by application crash.
Read more...
-
Operating System: Debian ≈ Packet Storm
Oct 16, 2019 | 17:04 pm
Debian Linux Security Advisory 4509-3 - It was reported that the apache2 update released as DSA 4509-1 incorrectly fixed CVE-2019-10092. Updated apache2 packages are now available to correct this issue.
Read more...
-
Advisories - Linux Security
Oct 16, 2019 | 03:29 am
X41 D-Sec discovered that unbound, a validating, recursive, and caching DNS resolver, did not correctly process some NOTIFY queries. This could lead to remote denial-of-service by application crash.
Read more...
-
Advisories - Linux Security
Oct 15, 2019 | 19:12 pm
It was reported that the apache2 update released as DSA 4509-1 incorrectly fixed CVE-2019-10092. Updated apache2 packages are now available to correct this issue. For reference, the relevant part of the original advisory text follows.
Read more...
-
Operating System: Debian ≈ Packet Storm
Oct 15, 2019 | 15:53 pm
Debian Linux Security Advisory 4543-1 - Joe Vennix discovered that sudo, a program designed to provide limited super user privileges to specific users, when configured to allow a user to run commands as an arbitrary user via the ALL keyword[…]
Read more...
-
Advisories - Linux Security
Oct 14, 2019 | 17:05 pm
Joe Vennix discovered that sudo, a program designed to provide limited super user privileges to specific users, when configured to allow a user to run commands as an arbitrary user via the ALL keyword in a Runas specification, allows to[…]
Read more...
-
Operating System: Debian ≈ Packet Storm
Oct 14, 2019 | 16:56 pm
Debian Linux Security Advisory 4539-3 - The update for openssl released as DSA 4539-1 introduced a regression where AES-CBC-HMAC-SHA ciphers were not enabled. Updated openssl packages are now available to correct this issue.
Read more...
-
Advisories - Linux Security
Oct 13, 2019 | 05:41 am
The update for openssl released as DSA 4539-1 introduced a regression where AES-CBC-HMAC-SHA ciphers were not enabled. Updated openssl packages are now available to correct this issue.
Read more...
-
Operating System: Debian ≈ Packet Storm
Oct 8, 2019 | 21:57 pm
Debian Linux Security Advisory 4539-2 - A change introduced in openssl 1.1.1d (which got released as DSA 4539-1) requires sandboxing features which are not available in Linux kernels before 3.19, resulting in OpenSSH rejecting connection attempts if running on an[…]
Read more...
-
Advisories - Linux Security
Oct 7, 2019 | 17:52 pm
A change introduced in openssl 1.1.1d (which got released as DSA 4539-1) requires sandboxing features which are not available in Linux kernels before 3.19, resulting in OpenSSH rejecting connection attempts if running on an old kernel. This does not affect[…]
Read more...
-
Operating System: Debian ≈ Packet Storm
Oct 7, 2019 | 16:37 pm
Debian Linux Security Advisory 4542-1 - It was discovered that jackson-databind, a Java library used to parse JSON and other data formats, did not properly validate user input before attempting deserialization. This allowed an attacker providing maliciously crafted input to[…]
Read more...
-
Operating System: Debian ≈ Packet Storm
Oct 6, 2019 | 20:22 pm
Debian Linux Security Advisory 4541-1 - Max Kellermann reported a NULL pointer dereference flaw in libapreq2, a generic Apache request library, allowing a remote attacker to cause a denial of service against an application using the library (application crash) if[…]
Read more...
-
Advisories - Linux Security
Oct 6, 2019 | 06:28 am
It was discovered that jackson-databind, a Java library used to parse JSON and other data formats, did not properly validate user input before attempting deserialization. This allowed an attacker providing maliciously crafted input to perform code execution, or read arbitrary
Read more...
-
Advisories - Linux Security
Oct 4, 2019 | 19:50 pm
Max Kellermann reported a NULL pointer dereference flaw in libapreq2, a generic Apache request library, allowing a remote attacker to cause a denial of service against an application using the library (application crash) if an invalid nested "multipart" body is[…]
Read more...
-
Operating System: Debian ≈ Packet Storm
Oct 3, 2019 | 01:22 am
Debian Linux Security Advisory 4509-2 - The security fixes for the HTTP/2 code in Apache 2 shipped in DSA 4509 unveiled a bug in Subversion which caused a regression in mod_dav_svn when used with HTTP/2.
Read more...
-
Advisories - Linux Security
Oct 2, 2019 | 17:52 pm
The security fixes for the HTTP/2 code in Apache 2 shipped in DSA 4509 unveiled a bug in Subversion which caused a regression in mod_dav_svn when used with HTTP/2.
Read more...
-
Operating System: Debian ≈ Packet Storm
Oct 2, 2019 | 17:03 pm
Debian Linux Security Advisory 4540-1 - ECDSA and a padding oracle in PKCS7_dataDecode() and CMS_decrypt_set1_pkey().
Read more...
-
Operating System: Debian ≈ Packet Storm
Sep 30, 2019 | 01:22 am
Debian Linux Security Advisory 4536-1 - A buffer overflow flaw was discovered in Exim, a mail transport agent. A remote attacker can take advantage of this flaw to cause a denial of service, or potentially the execution of arbitrary code.
Read more...
-
Operating System: Debian ≈ Packet Storm
Sep 29, 2019 | 20:32 pm
Debian Linux Security Advisory 4535-1 - Lilith of Cisco Talos discovered a buffer overflow flaw in the quota code used by e2fsck from the ext2/ext3/ext4 file system utilities. Running e2fsck on a malformed file system can result in the execution[…]
Read more...
-
Operating System: Debian ≈ Packet Storm
Sep 29, 2019 | 19:33 pm
Debian Linux Security Advisory 4538-1 - Two vulnerabilities were found in the WPA protocol implementation found in wpa_supplication (station) and hostapd (access point).
Read more...
-
Operating System: Debian ≈ Packet Storm
Sep 29, 2019 | 19:32 pm
Debian Linux Security Advisory 4537-1 - It was discovered that file-roller, an archive manager for GNOME, does not properly handle the extraction of archives with a single ./../ in a file path. An attacker able to provide a specially crafted[…]
Read more...
-
Operating System: Debian ≈ Packet Storm
Sep 29, 2019 | 19:22 pm
Debian Linux Security Advisory 4534-1 - It was discovered that the Go programming language did accept and normalize invalid HTTP/1.1 headers with a space before the colon, which could lead to filter bypasses or request smuggling in some setups.
Read more...
-
Operating System: Debian ≈ Packet Storm
Sep 26, 2019 | 18:30 pm
Debian Linux Security Advisory 4533-1 - It was discovered that the Lemonldap::NG web SSO system did not restrict OIDC authorization codes to the relying party.
Read more...
-
Operating System: Debian ≈ Packet Storm
Sep 25, 2019 | 20:06 pm
Debian Linux Security Advisory 4532-1 - It was discovered that SPIP, a website engine for publishing, would allow unauthenticated users to modify published content and write to the database, perform cross-site request forgeries, and enumerate registered users.
Read more...
-
Operating System: Debian ≈ Packet Storm
Sep 23, 2019 | 20:25 pm
Debian Linux Security Advisory 4530-1 - It was discovered that Expat, an XML parsing C library, did not properly handled internal entities closing the doctype, potentially resulting in denial of service or information disclosure if a malformed XML file is[…]
Read more...
-
Operating System: Debian ≈ Packet Storm
Sep 20, 2019 | 16:58 pm
Debian Linux Security Advisory 4528-1 - Daniel McCarney discovered that the BIRD internet routing daemon incorrectly validated RFC 8203 messages in it's BGP daemon, resulting in a stack buffer overflow.
Read more...
-
Operating System: Debian ≈ Packet Storm
Sep 19, 2019 | 18:28 pm
Debian Linux Security Advisory 4525-1 - Simon McVittie reported a flaw in ibus, the Intelligent Input Bus. Due to a misconfiguration during the setup of the DBus, any unprivileged user could monitor and send method calls to the ibus bus[…]
Read more...
-
Operating System: Debian ≈ Packet Storm
Sep 17, 2019 | 18:47 pm
Debian Linux Security Advisory 4524-1 - Multiple vulnerabilities have been discovered in the Dino XMPP client, which could allow spoofing message, manipulation of a user's roster (contact list) and unauthorised sending of message carbons.
Read more...
Jedesmal, wenn mit eingeschaltetem AdBlocker eine Webseite besucht wird, stirbt in einem Labor ein unschuldiges, niedliches Kaninchen einen grausamen Tod! Zusätzlich werden einige Funktionen dieser Webseite durch den AdBlocker blockiert. Bitte deaktivieren Sie Ihren AdBlocker für diese Webseite und retten Sie unschuldige Kaninchen!