Lucene search

5781 matches found

Slackware Linux
added 2016/03/08 1:57 a.m., 15 views

[slackware-security] php

New php packages are available for Slackware 14.0, 14.1, and -current to fix security issues. Here are the details from the Slackware 14.1 ChangeLog: patches/packages/php-5.6.19-i486-1slack14.1.txz: Upgraded. This release fixes bugs and security issues. For more information, see:...

7 AI score
Exploits: 0
Slackware Linux
added 2016/03/03 6:57 a.m., 9 views

[slackware-security] php

New php packages are available for Slackware 14.0, 14.1, and -current to fix security issues. Here are the details from the Slackware 14.1 ChangeLog: patches/packages/php-5.6.18-i486-1slack14.1.txz: Upgraded. This release fixes bugs and security issues. For more information, see:...

7 AI score
Exploits: 0
Apache Httpd
added 2016/02/10 12:0 a.m., 94 views

Apache Httpd < 2.2.32 : Apache HTTP Request Parsing Whitespace Defects

Apache HTTP Server, prior to release 2.4.25 and 2.2.32, accepted a broad pattern of unusual whitespace patterns from the user-agent, including bare CR, FF, VTAB in parsing the request line and request header lines, as well as HTAB in parsing the request line. Any bare CR present in request lines...

7.5 CVSS | 7.7 AI score | 0.13252 EPSS
Exploits: 0 | Affected Software: 1
Packet Storm
added 2016/02/06 12:0 a.m., 40 views

Netgear RP614v3 Authentication Bypass

Vendor: NETGEAR; Product: RP614v3; Informed on: 12. 10. 2015; Responded: no; Fixed: no; Effect: Remotely exploitable over LAN/WLAN; Type: Authentication Bypass; Difficulty: trivial. The N300 FW authentication bypass inspired me to check my rp614v3 router and I found this bypass: Firmware:...

0.8 AI score
Exploits: 0
OpenVAS
added 2016/02/05 12:0 a.m., 43 views

Oracle: Security Advisory (ELSA-2015-1666)

The remote host is missing an update for the SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

5 CVSS | 6.6 AI score | 0.73327 EPSS
Exploits: 0 | References: 2
OpenVAS
added 2016/02/05 12:0 a.m., 34 views

Oracle: Security Advisory (ELSA-2014-1972)

The remote host is missing an update for the SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

6.8 CVSS | 6.6 AI score | 0.85744 EPSS
Exploits: 9 | References: 2
Oracle linux
added 2016/02/04 12:0 a.m., 130 views

httpd24-httpd security and bug fix update

2.4.6-22.0.1.el6 - remove enable-tlsv1x-thunks to fit openssl 1.x api - replace index.html with Oracle's index page oracleindex.html - update vstring in specfile 2.4.6-22 - Remove mod_proxy_fcgi fix for heap-based buffer overflow, httpd-2.4.6 is not affected CVE-2014-3583 2.4.6-21 - modproxywstunne...

6.8 CVSS | 2.1 AI score | 0.85744 EPSS
Exploits: 9
Apache Httpd
added 2016/02/02 12:0 a.m., 36 views

Apache Httpd < 2.4.20 : mod_http2: denial of service by thread starvation

By manipulating the flow control windows on streams, a client was able to block server threads for long times, causing starvation of worker threads. Connections could still be opened, but no streams were processed for these. This issue affected HTTP/2 support in 2.4.17 and 2.4.18...

5.9 CVSS | 1.1 AI score | 0.15327 EPSS
Exploits: 0 | Affected Software: 1
RedHat Linux
added 2016/01/21 3:54 p.m., 2 views

httpd: HTTP request smuggling attack against chunked request parser

Multiple flaws were found in the way httpd parsed HTTP requests and responses using chunked transfer encoding. A remote attacker could use these flaws to create a specially crafted request, which httpd would decode differently from an HTTP proxy software in front of it, possibly leading to HTTP...

5 CVSS | 6.7 AI score | 0.73327 EPSS
Exploits: 0 | References: 4
RedHat Linux
added 2016/01/21 3:54 p.m., 5 views

httpd: bypass of mod_headers rules via chunked requests

A flaw was found in the way httpd handled HTTP Trailer headers when processing requests using chunked encoding. A malicious client could use Trailer headers to set additional HTTP headers after header processing was performed by other modules. This could, for example, lead to a bypass of header...

5 CVSS | 6.6 AI score | 0.60205 EPSS
Exploits: 2 | References: 4
Apache Httpd
added 2016/01/20 12:0 a.m., 106 views

Apache Httpd < 2.4.25 : Padding Oracle in Apache mod_session_crypto

Prior to Apache HTTP release 2.4.25, mod_session_crypto was encrypting its data/cookie using the configured ciphers with possibly either CBC or ECB modes of operation (AES256-CBC by default), hence no selectable or builtin authenticated encryption. This made it vulnerable to padding oracle attacks,...

7.5 CVSS | 1.5 AI score | 0.49024 EPSS
Exploits: 4 | Affected Software: 1
OpenVAS
added 2016/01/05 12:0 a.m., 35 views

F5 BIG-IP - Apache HTTPD vulnerability CVE-2010-2791 and CVE-2010-2068

The remote host is missing a security patch...

5 CVSS | 5.8 AI score | 0.16002 EPSS
Exploits: 2 | References: 1
F5 Networks
added 2015/12/29 12:0 a.m., 48 views

SOL23332326 - Apache HTTPD vulnerability CVE-2010-2791

Vulnerability Recommended Actions If you are running a version listed in the Versions known to be vulnerable column, you can eliminate this vulnerability by upgrading to a version listed in the Versions known to be not vulnerable column. If the table lists only an older version than what you are...

5 CVSS | 5.5 AI score | 0.16002 EPSS
Exploits: 2 | References: 4
Tenable Nessus
added 2015/12/29 12:0 a.m., 27 views

openSUSE Security Update : subversion (openSUSE-2015-948)

This update for subversion fixes the following issues : - Apache Subversion 1.8.15 This release fixes one security issue: Remotely triggerable heap overflow and out-of-bounds read in mod_dav_svn caused by integer overflow when parsing skel-encoded request bodies. CVE-2015-5343 boo958300 - fix a...

8 CVSS | 7.5 AI score | 0.30216 EPSS
Exploits: 0 | References: 2
Mageia
added 2015/12/28 7:23 p.m., 36 views

Updated subversion packages fix security vulnerabilities

Updated subversion packages fix security vulnerability: Subversion's httpd servers are vulnerable to a remotely triggerable heap-based buffer overflow and out-of-bounds read caused by an integer overflow when parsing skel-encoded request bodies CVE-2015-5343. This allows remote attackers with wri...

8 CVSS | 8.8 AI score | 0.30216 EPSS
Exploits: 0 | References: 5
OSV
added 2015/12/28 7:23 p.m., 5 views

MGASA-2015-0490 Updated subversion packages fix security vulnerabilities

Updated subversion packages fix security vulnerability: Subversion's httpd servers are vulnerable to a remotely triggerable heap-based buffer overflow and out-of-bounds read caused by an integer overflow when parsing skel-encoded request bodies CVE-2015-5343. This allows remote attackers with wri...

8 CVSS | 8.4 AI score | 0.30216 EPSS
Exploits: 0 | References: 6
RedHat Linux
added 2015/12/16 6:19 p.m., 1 views

httpd: bypass of mod_headers rules via chunked requests

A flaw was found in the way httpd handled HTTP Trailer headers when processing requests using chunked encoding. A malicious client could use Trailer headers to set additional HTTP headers after header processing was performed by other modules. This could, for example, lead to a bypass of header...

5 CVSS | 6.6 AI score | 0.60205 EPSS
Exploits: 2 | References: 4
RedHat Linux
added 2015/12/16 6:19 p.m., 2 views

httpd: bypass of mod_headers rules via chunked requests

A flaw was found in the way httpd handled HTTP Trailer headers when processing requests using chunked encoding. A malicious client could use Trailer headers to set additional HTTP headers after header processing was performed by other modules. This could, for example, lead to a bypass of header...

5 CVSS | 6.6 AI score | 0.60205 EPSS
Exploits: 2 | References: 4
UbuntuCve
added 2015/12/03 8:59 p.m., 22 views

CVE-2015-0859

The Debian build procedure for the smokeping package in wheezy before 2.6.8-2+deb7u1 and jessie before 2.6.9-1+deb8u1 does not properly configure the way Apache httpd passes arguments to smokeping_cgi, which allows remote attackers to execute arbitrary code via crafted CGI arguments...

7.5 CVSS | 6.2 AI score | 0.02326 EPSS
Exploits: 0 | References: 1
Prion
added 2015/12/03 8:59 p.m., 17 views

Code injection

The Debian build procedure for the smokeping package in wheezy before 2.6.8-2+deb7u1 and jessie before 2.6.9-1+deb8u1 does not properly configure the way Apache httpd passes arguments to smokeping_cgi, which allows remote attackers to execute arbitrary code via crafted CGI arguments...

7.5 CVSS | 8.1 AI score | 0.02326 EPSS
Exploits: 0 | References: 1 | Affected Software: 1