Lucene search

3676 matches found

OSV
added 2019/08/06 7:43 a.m., 6 views

SUSE-SU-2019:14139-1 Security update for bzip2

This update for bzip2 fixes the following issues: - Fixed a regression with the fix for CVE-2019-12900, which caused incompatibilities with files that used many selectors bsc1139083...

CVSS 9.8, AI score 9.5, EPSS 0.08042
Exploits 0, References 3
Oracle linux
added 2019/08/05 12:0 a.m., 54 views

nss and nspr security, bug fix, and enhancement update

nspr 4.21.0-2 - Rebuild 4.21.0-1 - Update to NSPR 4.21 nss 3.44.0-7 - Backport fixes from 3.44.1 3.44.0-6 - Add continuous RNG test required by FIPS - fipstest: use CKM_TLS12_MASTER_KEY_DERIVE instead of vendor specific mechanism 3.44.0-5 - Rebuild with the correct build target 3.44.0-4.1 - rebuild t...

CVSS 7.5, AI score 0.2, EPSS 0.02794
Exploits 0
OSV
added 2019/07/29 1:43 p.m., 2 views

SUSE-SU-2019:2013-2 Security update for bzip2

This update for bzip2 fixes the following issues: - Fixed a regression with the fix for CVE-2019-12900, which caused incompatibilities with files that used many selectors bsc1139083...

CVSS 9.8, AI score 9.5, EPSS 0.08042
Exploits 0, References 3
Oracle linux
added 2019/07/29 12:0 a.m., 161 views

kubeadm-ha-setup security update

0.0.2-1.0.52 - OLCNE-678 Restore fails when trying to restore after a failed update 0.0.2-1.0.51 - OLCNE-667 Minor version update doesn't update kubeadm on all master nodes 0.0.2-1.0.50 - Make k8s 1.14 specific changes 0.0.2-1.0.49 - OLCNE-668 Remove 1.10 and 1.11 version since they are...

CVSS 5, AI score 1.6, EPSS 0.00479
Exploits 0
Fedora
added 2019/07/19 1:11 a.m., 32 views

[SECURITY] Fedora 30 Update: libreoffice-6.2.5.2-1.fc30

LibreOffice is an Open Source, community-developed, office productivity suite. It includes the key desktop applications, such as a word processor, spreadsheet, presentation manager, formula editor and drawing program, with a user interface and feature set similar to other office suites...

CVSS 9.8, AI score 1.3, EPSS 0.30698
Exploits 5
OSV
added 2019/07/14 6:24 a.m., 6 views

OPENSUSE-SU-2019:1703-1 Security update for helm

This update for helm to version 2.13.1 fixes the following issues: - set correct gitcommit value so that 'helm version' reports correctly - added service file for helm-serve - Require golang 1.10.6 or newer - Tiller should only enforce what we expect from Helm - Keepalive config should be...

CVSS 8.1, AI score 7.7, EPSS 0.66252
Exploits 0, References 7
RedHat Linux
added 2019/07/11 6:17 p.m., 4 views

Mozilla: Cross-origin POST requests can be made with NPAPI plugins by following 308 redirects

POST requests made by NPAPI plugins, such as Flash, that receive a status 308 redirect response can bypass CORS requirements. This can allow an attacker to perform Cross-Site Request Forgery (CSRF) attacks. This vulnerability affects Firefox ESR 60.8, Firefox 68, and Thunderbird 60.8...

CVSS 8.8, AI score 7.4, EPSS 0.01047
Exploits 0, References 5
Fedora
added 2019/07/08 1:9 a.m., 31 views

[SECURITY] Fedora 30 Update: dosbox-0.74.3-2.fc30

DOSBox is a DOS-emulator using SDL for easy portability to different platforms. DOSBox has already been ported to several different platforms, such as Windows, BeOS, Linux, Mac OS X... DOSBox emulates a 286/386 realmode CPU, Directory FileSystem/XMS/EMS, a SoundBlaster card for excellent sound...

CVSS 9.8, AI score 0.7, EPSS 0.06685
Exploits 1
OpenVAS
added 2019/07/08 12:0 a.m., 25 views

Fedora Update for dosbox FEDORA-2019-6b86d0f1c0

The remote host is missing an update for the Copyright C 2019 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

CVSS 9.8, AI score 9.6, EPSS 0.03823
Exploits 0, References 2
OSV
added 2019/07/02 3:43 p.m., 14 views

GHSA-P3W6-JCG4-52XH Improper Verification of Cryptographic Signature in django-rest-registration

Misusing the Django Signer API leads to predictable signatures used in verification emails Impact The vulnerability is a high severity one. Anyone using Django REST Registration library versions 0.2. - 0.4. with e-mail verification option which is recommended, but needs additional configuration i...

CVSS 9.8, AI score 9.6, EPSS 0.01621
Exploits 1, References 7
Kitploit
added 2019/06/28 9:38 p.m., 243 views

TwitterShadowBan - Twitter Shadowban Tests

One-page web app, testing Twitter users for conventional and QFD shadowbans. Setup Browser compatibility needs transpiling. Nothing fancy, just the usual babel magic. git clone https://github.com/shadowban-eu/TwitterShadowBanV2 && cd TwitterShadowBanV2 npm install Since we are using a php backend...

AI score 7.2
Exploits 0, References 1
Microsoft KB
added 2019/06/26 12:0 a.m., 4 views

Compatibility update for installing Windows 10, version 1903: June 27, 2019

Compatibility update for installing Windows 10, version 1903: June 27, 2019 Summary This update makes improvements to ease the installation experience when updating to Windows 10, version 1903. How to get this update This update is available through Windows Update. It will be downloaded and...

AI score 6.9
Exploits 0
Kitploit
added 2019/06/19 9:35 p.m., 346 views

DNSlivery - Easy Files And Payloads Delivery Over DNS

Easy files and payloads delivery over DNS. Acknowledgments This project has been originally inspired by PowerDNS and Joff Thyer's technical segment on the Paul's Security Weekly podcast 590 youtu.be/CP6cIwFJswQ. Description TL;DR DNSlivery allows delivering files to a target using DNS as the...

AI score 7.2
Exploits 0, References 3
Microsoft KB
added 2019/06/18 12:0 a.m., 3 views

Compatibility update for installing Windows 10, version 1607: June 18, 2019

Compatibility update for installing Windows 10, version 1607: June 18, 2019 Summary This update makes improvements to ease the installation experience when updating to Windows 10, version 1607. How to get this update This update is available through Windows Update. It will be downloaded and...

AI score 6.9
Exploits 0
The Hacker News
added 2019/06/12 5:31 p.m., 4 views

Android's Built-in Security Key Now Works With iOS Devices For Secure Login

In April this year, a software update from Google overnight turned all Android phones, running Android 7.0 Nougat and up, into a FIDO-certified hardware security key as part of a push to encourage two-step verification. The feature made it possible for users to confirm their identity when logging...

AI score 6.2
Exploits 0
Citrix
added 2019/06/04 12:0 a.m., 4 views

Failed to launch ICA file after upgrade to Citrix Receiver for Windows 4.9 LTSR CU6 on Windows server

After upgrade to Citrix Receiver for Windows 4.9 LTSR CU6 on Windows 2008R2/2012 end point, user is not able to launch any published resource due to wfica32.exe crashed with bugcheck code 0xc0000135. The following error might be popped-up: Unable to launch your application. Contact your help desk a...

AI score 7.3
Exploits 0
Fedora
added 2019/06/02 5:43 a.m., 15 views

[SECURITY] Fedora 29 Update: drupal7-module_filter-2.2-1.fc29

The modules list page can become quite big when dealing with a fairly large site or even just a dev site meant for testing new and various modules being considered. What this module aims to accomplish is the ability to quickly find the module you are looking for without having to rely on the...

AI score 1.6
Exploits 0
Packet Storm
added 2019/05/28 12:0 a.m., 127 views

Phraseanet DAM Cross Site Scripting

Exploit title: Stored XSS vulnerability in Phraseanet DAM Open Source software Date: 10/10/2018 Exploit Author: Krzysztof Szulski Vendor Homepage: https://www.phraseanet.com Software Link also VM: https://www.phraseanet.com/en/download/ Version affected: 4.0.3 4.0.4-dev and below Version fixed:...

AI score 7.4
Exploits 0
Veeam
added 2019/05/21 3:34 p.m., 19 views

Migrating VAO 1.0 Deployment to Version 2.0

Challenge Upgrade of Veeam Availability Orchestrator to version 2.0 is not supported. However, you have an option to migrate your VAO 1.0 configuration to version 2.0 with minimal downtime. This KB article briefly describes architectural changes introduced in 2.0 version and provides step-by-step...

AI score 6.9
Exploits 0
OSV
added 2019/05/20 5:29 p.m., 2 views

ALPINE-CVE-2019-12221

An issue was discovered in libSDL2.a in Simple DirectMedia Layer (SDL) 2.0.9 when used in conjunction with libSDL2_image.a in SDL2_image 2.0.4. There is a SEGV in the SDL function SDL_free_REAL at stdlib/SDL_malloc.c...

CVSS 6.5, AI score 7, EPSS 0.01969
Exploits 1, References 1