684 matches found
[SECURITY] Fedora 23 Update: libtevent-0.9.26-1.fc23
Tevent is an event system based on the talloc memory management library. Tevent has support for many event types, including timers, signals, and the classic file descriptor events. Tevent also provides helpers to deal with asynchronous code, providing the tevent_req (Tevent Request) functions...
CVE-2003-1307
The mod_php module for the Apache HTTP Server allows local users with write access to PHP scripts to send signals to the server's process group and use the server's file descriptors, as demonstrated by sending a STOP signal, then intercepting incoming connections on the server's TCP port. NOTE: th...
Oracle: Security Advisory (ELSA-2013-1348)
The remote host is missing an update for the...
Ubuntu 14.04 LTS : NBD vulnerabilities (USN-2676-1)
The remote Ubuntu 14.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-2676-1 advisory. It was discovered that NBD incorrectly handled IP address matching. A remote attacker could use this issue with an IP address that has a partial match an...
These Laser Beams Will Offer Free Internet to the World from the Sky
During a wide-ranging online question-and-answer session on his Facebook page Tuesday, Facebook co-founder Mark Zuckerberg predicted some wild things for the future. These include: Telepathy Technology, the ability for humans to talk to each other with their minds. Laser Beams, used to transmit data fr...
PITA Side-Channel Crypto Key Attack
It’s unlikely that anyone envisioned the evolution of cryptographic key thievery to include leavened flatbread, but that’s where we’ve arrived. Researchers from Tel Aviv University in Israel are expected in September to present a paper at the Workshop on Cryptographic Hardware and Embedded System...
CVE-2015-0847
nbd-server.c in Network Block Device (nbd-server) before 3.11 does not properly handle signals, which allows remote attackers to cause a denial of service (deadlock) via unspecified vectors...
CVE-2014-9689
content/renderer/device_sensors/device_orientation_event_pump.cc in Google Chrome before 41.0.2272.76 does not properly restrict access to high-rate gyroscope data, which makes it easier for remote attackers to obtain speech signals from a device's physical environment via a crafted web site that...
Design/Logic Flaw
content/renderer/device_sensors/device_orientation_event_pump.cc in Google Chrome before 41.0.2272.76 does not properly restrict access to high-rate gyroscope data, which makes it easier for remote attackers to obtain speech signals from a device's physical environment via a crafted web site that...
CVE-2015-0245
D-Bus 1.4.x through 1.6.x before 1.6.30, 1.8.x before 1.8.16, and 1.9.x before 1.9.10 does not validate the source of ActivationFailure signals, which allows local users to cause a denial of service (activation failure error returned) by leveraging a race condition involving sending an...
UBUNTU-CVE-2015-0245
D-Bus 1.4.x through 1.6.x before 1.6.30, 1.8.x before 1.8.16, and 1.9.x before 1.9.10 does not validate the source of ActivationFailure signals, which allows local users to cause a denial of service (activation failure error returned) by leveraging a race condition involving sending an...
Connection Disclosed Between Regin, Five Eyes Malware Platform
Researchers at Kaspersky Lab have discovered shared code and functionality between the Regin malware platform and a similar platform described in a newly disclosed set of Edward Snowden documents 10 days ago by Germany’s Der Spiegel. The link, found in a keylogger called QWERTY allegedly used by...
CVE-2014-8148
The default D-Bus access control rule in Midgard2 10.05.7.1 allows local users to send arbitrary method calls or signals to any process on the system bus and possibly execute arbitrary code with root privileges...
UBUNTU-CVE-2014-8148
The default D-Bus access control rule in Midgard2 10.05.7.1 allows local users to send arbitrary method calls or signals to any process on the system bus and possibly execute arbitrary code with root privileges...
Vulnerability in Arbiter Systems GPS Clock
The Arbiter 1094B GPS Substation Clock is a high precision GPS timing and power measurement solution. A security vulnerability exists in the Arbiter 1094B GPS Substation Clock that could be exploited by an attacker to spoof GPS satellite broadcasts via specially crafted radio transmissions,...
NSA Director Says Agency Shares Vast Majority of Bugs it Finds
When the National Security Agency discovers a new vulnerability that looks like it might be of use in penetrating target networks, the agency considers a number of factors, including how popular the affected software is and where it’s typically deployed, before deciding whether to share the new...