[SECURITY] Fedora 19 Update: nodejs-graceful-fs-2.0.0-2.fc19
Just like node.js' fs module, but it does an incremental back-off when EMFILE is encountered. Useful in asynchronous situations where one needs to try to open lots and lots of files...
[SECURITY] Fedora 18 Update: nodejs-graceful-fs-2.0.0-2.fc18
Just like node.js' fs module, but it does an incremental back-off when EMFILE is encountered. Useful in asynchronous situations where one needs to try to open lots and lots of files...
[SECURITY] Fedora 18 Update: nodejs-vows-0.7.0-6.fc18
Vows is an asynchronous behavior-driven development (BDD) framework for Node.js. Vows was built from the ground up to test asynchronous code. It executes your tests in parallel when it makes sense, and sequentially when there are dependencies. Emphasis was put on speed of execution, clarity and use...
Oracle Linux 6 : qpid (ELSA-2012-1269)
The remote Oracle Linux 6 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2012-1269 advisory. python-qpid 0.14-11 - BZs: 825078 - Resolves: rhbz840053 qpid-cpp 0.14-22.0.1.el63 - Update summary and description in specfile to be product neutral 0.14-22 -...
tomcat: Information disclosure in asynchronous context when using AsyncListeners that threw RuntimeExceptions
java/org/apache/catalina/core/AsyncContextImpl.java in Apache Tomcat 7.x before 7.0.40 does not properly handle the throwing of a RuntimeException in an AsyncListener in an application, which allows context-dependent attackers to obtain sensitive request information intended for other application...
Ubuntu 10.04 LTS : linux vulnerabilities (USN-1876-1)
Andrew Honig reported a flaw in the way KVM (Kernel-based Virtual Machine) emulated the IOAPIC. A privileged guest user could exploit this flaw to read host memory or cause a denial of service (crash the host). CVE-2013-1798 An information leak was discovered in the Linux kernel's rcvmsg path for ATM...
USN-1878-1: Linux kernel vulnerabilities
An information leak was discovered in the Linux kernel when inotify is used to monitor the /dev/ptmx device. A local user could exploit this flaw to discover keystroke timing and potentially discover sensitive information like password length. CVE-2013-0160 A flaw was discovered in the Linux...
Kernel: atm: update msg_namelen in vcc_recvmsg()
The vcc_recvmsg function in net/atm/common.c in the Linux kernel before 3.9-rc7 does not initialize a certain length variable, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call...
[Arachni v0.4.2] web application security scanner (Boosted with new UI)
Arachni is an Open Source, feature-full, modular, high-performance Ruby framework aimed towards helping penetration testers and administrators evaluate the security of web applications. It is smart, it trains itself by learning from the HTTP responses it receives during the audit process and is...
USN-1808-1: Linux kernel (EC2) vulnerabilities
Mathias Krause discovered an information leak in the Linux kernel's getsockname implementation for Logical Link Layer (llc) sockets. A local user could exploit this flaw to examine some of the kernel's stack memory. CVE-2012-6542 Mathias Krause discovered information leaks in the Linux kernel's...
Kernel: atm: information leak in getsockopt & getsockname
The ATM implementation in the Linux kernel before 3.6 does not initialize certain structures, which allows local users to obtain sensitive information from kernel stack memory via a crafted application...
USN-1805-1: Linux kernel vulnerabilities
Mathias Krause discovered an information leak in the Linux kernel's getsockname implementation for Logical Link Layer (llc) sockets. A local user could exploit this flaw to examine some of the kernel's stack memory. CVE-2012-6542 Mathias Krause discovered information leaks in the Linux kernel's...
Stable Channel Update
The Chrome team is excited to announce the promotion of Chrome 26 to the Stable Channel. Chrome 26.0.1410.43 for Windows, Mac, Linux, and Chrome Frame contains a number of new items including: "Ask Google for suggestions" spell checking feature improvements (e.g. grammar and homonym checking), Desktop...
UBUNTU-CVE-2012-6546
The ATM implementation in the Linux kernel before 3.6 does not initialize certain structures, which allows local users to obtain sensitive information from kernel stack memory via a crafted application...
kernel, perf, python security update
CentOS Errata and Security Advisory CESA-2013:0496 Updated kernel packages that fix multiple security issues, address several hundred bugs, and add numerous enhancements are now available as part of the ongoing support and maintenance of Red Hat Enterprise Linux version 6. This is the fourth...
Important: Red Hat Security Advisory: Red Hat Enterprise Linux 6 kernel update
Updated kernel packages that fix multiple security issues, address several hundred bugs, and add numerous enhancements are now available as part of the ongoing support and maintenance of Red Hat Enterprise Linux version 6. This is the fourth regular update. The Red Hat Security Response Team has...
USN-1599-1: Linux kernel (OMAP4) vulnerability
Pablo Neira Ayuso discovered a flaw in the credentials of netlink messages. An unprivileged local attacker could exploit this by getting a netlink based service, that relies on netlink credentials, to perform privileged actions. CVE-2012-3520 Mathias Krause discovered information leak in the Linu...