Slackware 13.0 / 13.1 / current : mozilla-firefox (SSA:2011-068-02)

New mozilla-firefox packages are available for Slackware 13.0, 13.1, and -current to fix security issues. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Slackware Security Advisory 2011-068-02. The text itself is...

[slackware-security] httpd

New httpd packages are available for Slackware 12.0, 12.1, 12.2, 13.0, 13.1, 13.37, and -current to fix accidental ABI breakage caused by httpd-2.2.18. Here are the details from the Slackware 13.37 ChangeLog: patches/packages/httpd-2.2.19-i486-1slack13.37.txz: Upgraded. Revert ABI breakage in...

Anonymous leaks PSN SSH Logs, Sony is responsible for Data Theft ?

Anonymous leaks PSN SSH Logs, Sony is responsible for Data Theft ? 1. On the Sony servers running the highly outdated Open SSH version 4.4. 2. Current version is 5.7. For those of Sony for encrypted version are used for more than five years several known security holes. 3. Sony server running in...

[slackware-security] apr/apr-util

New apr and apr-util packages are available for Slackware 11.0, 12.0, 12.1, 12.2, 13.0, 13.1, 13.37, and -current to fix a security issue. Here are the details from the Slackware 13.37 ChangeLog: patches/packages/apr-1.4.4-i486-1slack13.37.txz: Upgraded. This fixes a possible denial of service du...

Web, E-mail and Facebook Exploit Osama bin Laden's Death

Spammers have jumped on Sunday’s news of the death of Osama bin Laden, lacing new spam e-mail runs and search engine optimized Web pages with news of the Al Qaeda chief’s demise at the hands of U.S. special forces. Researchers at Kaspersky Lab began detecting spam e-mail campaigns and search engi...

Windows Application CPE Detection (SMB Login)

SMB login-based collection of information about installed applications from a Microsoft Windows system. SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier:...

Microsoft Office共享组件DLL加载任意代码执行漏洞(MS11-023)

BUGTRAQ ID: 47246 CVE ID: CVE-2011-0107 Microsoft Office是一套由微软公司开发的办公软件，它为Microsoft Windows和Apple Macintosh操作系统而开发。 Microsoft Office在实现上存在共享组件DLL加载任意代码执行，远程攻击者可利用此漏洞以当前用户权限执行任意代码。 Microsoft...

[slackware-security] shadow

New shadow packages are available for Slackware 13.1, and -current to fix a security issue. Here are the details from the Slackware 13.1 ChangeLog: patches/packages/shadow-4.1.4.3-i486-2slack13.1.txz: Rebuilt. Corrected a packaging error where incorrect permissions on /usr/sbin/lastlog and...

glibc: fix causes linker to search CWD when running privileged program with $ORIGIN in R*PATH

Multiple untrusted search path vulnerabilities in elf/dl-object.c in certain modified versions of the GNU C Library aka glibc or libc6, including glibc-2.5-49.el55.6 and glibc-2.12-1.7.el60.3 in Red Hat Enterprise Linux, allow local users to gain privileges via a crafted dynamic shared object DSO...

[slackware-security] seamonkey

New seamonkey packages are available for Slackware 12.2, 13.0, 13.1, and -current to fix a security issue. Here are the details from the Slackware 13.1 ChangeLog: patches/packages/seamonkey-2.0.13-i486-1slack13.1.txz: Upgraded. This release fixes a security vulnerability by blacklisting several...

flash-plugin: multiple code execution flaws (APSB11-02)

Untrusted search path vulnerability in Adobe Flash Player before 10.2.152.26 allows local users to gain privileges via a Trojan horse DLL in the current working directory...

Slackware 12.2 / 13.0 / 13.1 / current : seamonkey (SSA:2011-068-01)

New seamonkey packages are available for Slackware 12.2, 13.0, 13.1, and -current to fix security issues. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Slackware Security Advisory 2011-068-01. The text itself is...

[slackware-security] mozilla-firefox

New mozilla-firefox packages are available for Slackware 13.0, 13.1, and -current to fix security issues. Here are the details from the Slackware 13.1 ChangeLog: patches/packages/mozilla-firefox-3.6.14-i686-1.txz: Upgraded. Firefox 3.6.14 is a regular security and stability update to Firefox 3.6....

[slackware-security] samba

New samba packages are available for Slackware 10.0, 10.1, 10.2, 11.0, 12.0, 12.1, 12.2, 13.0, 13.1, and -current to fix a denial of service security issue. Here are the details from the Slackware 13.1 ChangeLog: patches/packages/samba-3.5.7-i486-1slack13.1.txz: Upgraded. Fix memory corruption...

rgmanager: insecure library loading vulnerability

The 1 SAPDatabase and 2 SAPInstance scripts in OCF Resource Agents aka resource-agents or cluster-agents 1.0.3 in Linux-HA place a zero-length directory name in the LDLIBRARYPATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory...

[slackware-security] openssl

New openssl packages are available for 11.0, 12.0, 12.1, 12.2, 13.0, 13.1, and -current to fix a security issue. Here are the details from the Slackware 13.1 ChangeLog: patches/packages/openssl-0.9.8r-i486-1slack13.1.txz: Upgraded. This OpenSSL update fixes an "OCSP stapling vulnerability". For...

Design/Logic Flaw

Untrusted search path vulnerability in Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows allows local users to gain privileges via a Trojan horse DLL in the current working directory, a different vulnerability than CVE-2011-0562 and CVE-2011-0588...

PT-2011-2035 · Microsoft · Internet Explorer

Name of the Vulnerable Software and Affected Versions: Microsoft Internet Explorer version 8 Description: The issue allows local users to gain privileges via a Trojan horse IEShims.dll in the current working directory. A remote code execution vulnerability exists in the way that Internet Explorer...

(0Day) IBM Lotus Notes cai URI Handler Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of IBM Lotus Notes. User interaction is required to exploit this vulnerability. The specific flaw exists within the handling of malformed strings within cai:// URIs. The '--launcher.library' switch ca...

OpenOffice.org: soffice insecure LD_LIBRARY_PATH setting

soffice in OpenOffice.org OOo 3.x before 3.3 places a zero-length directory name in the LDLIBRARYPATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory...