
7790 matches found

Tenable Nessus
added 2014/06/13 12:0 a.m., 38 views

openSUSE Security Update : glibc (openSUSE-SU-2010:0912-1)

This update of glibc fixes two bugs and security issues : CVE-2010-3847: Decoding of the $ORIGIN special value in various LD environment variables allowed local attackers to execute code in context of e.g. setuid root programs, elevating privileges. This issue does not affect SUSE as an assertion...

7.2 CVSS, 8.4 AI score, 0.09454 EPSS
Exploits: 35, References: 5

Tenable Nessus
added 2014/06/13 12:0 a.m., 39 views

openSUSE Security Update : ruby (openSUSE-SU-2012:0228-1)

This update of ruby provides 1.8.7p357, which contains many stability fixes and bug fixes, which are fully compatible with the previous version. You can review the detailed list here : http://svn.ruby-lang.org/repos/ruby/tags/v187357/ChangeLog The particularly noteworthy fixes are : - Hash...

7.8 CVSS, 7.5 AI score, 0.04246 EPSS
Exploits: 3, References: 8

Tenable Nessus
added 2014/06/10 12:0 a.m., 44 views

Fedora 19 : openssh-6.2p2-8.fc19 (2014-6569)

environment variables with embedded '=' or '\0' characters are now ignored - prevents a server from skipping SSHFP lookup and forcing a new-hostkey dialog by offering only certificate keys - /etc/ssh/moduli is readable by all now - ssh-copy-id is run in so called legacy mode when SSH_COPY_ID_LEGACY...

6.5 CVSS, 6.5 AI score, 0.04751 EPSS
Exploits: 2, References: 5

Tenable Nessus
added 2014/05/22 12:0 a.m., 67 views

Fedora 20 : openssh-6.4p1-4.fc20 (2014-6380)

environment variables with embedded '=' or '\0' characters are now ignored - prevents a server from skipping SSHFP lookup and forcing a new-hostkey dialog by offering only certificate keys - ssh-agent is now suspend-aware as it gets also CLOCK_BOOTTIME time - /etc/ssh/moduli is readable by all now...

6.5 CVSS, 6.5 AI score, 0.04751 EPSS
Exploits: 2, References: 5

Kitploit
added 2014/05/08 1:52 a.m., 24 views

ModSecurity v2.8.0 - Open Source Web Application Firewall

ModSecurity™ is an open source, free web application firewall (WAF) Apache module. With over 70% of all attacks now carried out over the web application level, organizations need all the help they can get in making their systems secure. Changelog v2.8.0 Bug fix Build issue: Now using autotools to...

6.7 AI score
Exploits: 0, References: 24

OSV
added 2014/05/07 12:0 a.m., 1 view

UBUNTU-CVE-2014-3230

The libwww-perl LWP::Protocol::https module 6.04 through 6.06 for Perl, when using IO::Socket::SSL as the SSL socket class, allows attackers to disable server certificate validation via the (1) HTTPS_CA_DIR or (2) HTTPS_CA_FILE environment variable...

5.9 CVSS, 6.2 AI score, 0.01602 EPSS
Exploits: 1, References: 3

Prion
added 2014/04/23 8:55 p.m., 11 views

Crlf injection

CRLF injection vulnerability in the CGI implementation in Microsoft Internet Information Services (IIS) 4.x and 5.x on Windows NT and Windows 2000 allows remote attackers to modify arbitrary uppercase environment variables via a \n (newline) character in an HTTP header...

5 CVSS, 7.4 AI score, 0.19092 EPSS
Exploits: 1, References: 6, Affected Software: 1

OpenVAS
added 2014/04/05 12:0 a.m., 38 views

Debian Security Advisory DSA 2894-1 (openssh - security update)

Two vulnerabilities were discovered in OpenSSH, an implementation of the SSH protocol suite. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2014-2532 Jann Horn discovered that OpenSSH incorrectly handled wildcards in AcceptEnv lines. A remote attacker coul...

5.8 CVSS, 0.04751 EPSS
Exploits: 2, References: 1

OpenVAS
added 2014/03/17 12:0 a.m., 26 views

Ubuntu: Security Advisory (USN-2146-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

6.6 CVSS, 3.8 AI score, 0.00338 EPSS
Exploits: 2, References: 3

Tenable Nessus
added 2014/03/14 12:0 a.m., 24 views

Ubuntu 10.04 LTS / 12.04 LTS / 12.10 / 13.10 : sudo vulnerabilities (USN-2146-1)

Sebastien Macke discovered that Sudo incorrectly handled blacklisted environment variables when the env_reset option was disabled. A local attacker could use this issue to possibly run unintended commands by using blacklisted environment variables. In a default Ubuntu installation, the env_reset...

6.6 CVSS, 5.6 AI score, 0.00338 EPSS
Exploits: 2, References: 2

OpenVAS
added 2014/03/12 12:0 a.m., 22 views

RedHat Update for sudo RHSA-2014:0266-01

Check for the Version of sudo OpenVAS Vulnerability Test RedHat Update for sudo RHSA-2014:0266-01 Authors: System Generated Check Copyright: Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the terms o...

6.6 CVSS, 4.3 AI score, 0.00338 EPSS
Exploits: 2, References: 2

OSV
added 2014/03/11 7:37 p.m., 1 view

DEBIAN-CVE-2014-0106

Sudo 1.6.9 before 1.8.5, when env_reset is disabled, does not properly check environment variables for the env_delete restriction, which allows local users with sudo permissions to bypass intended command restrictions via a crafted environment variable...

6.6 CVSS, 6.7 AI score, 0.00338 EPSS
Exploits: 2, References: 1

OSV
added 2014/03/11 7:37 p.m., 4 views

CVE-2014-0106

Sudo 1.6.9 before 1.8.5, when env_reset is disabled, does not properly check environment variables for the env_delete restriction, which allows local users with sudo permissions to bypass intended command restrictions via a crafted environment variable...

3.6 AI score
Exploits: 0, References: 10

NVD
added 2014/03/11 7:37 p.m., 12 views

CVE-2014-0106

Sudo 1.6.9 before 1.8.5, when env_reset is disabled, does not properly check environment variables for the env_delete restriction, which allows local users with sudo permissions to bypass intended command restrictions via a crafted environment variable...

6.6 CVSS, 6 AI score, 0.00338 EPSS
Exploits: 2, References: 9

CVE
added 2014/03/11 3:0 p.m., 97 views

CVE-2014-0106

CVE-2014-0106 affects Sudo up to version 1.8.5 where env_reset is disabled, and env_delete checks fail to properly sanitize environment variables. This allows local users with sudo permissions to bypass intended command restrictions via crafted environment variables. The vulnerability is tied to ...

6.6 CVSS, 3.8 AI score, 0.00338 EPSS
Exploits: 2, References: 9, Affected Software: 1

Debian CVE
added 2014/03/11 3:0 p.m., 17 views

CVE-2014-0106

Sudo 1.6.9 before 1.8.5, when env_reset is disabled, does not properly check environment variables for the env_delete restriction, which allows local users with sudo permissions to bypass intended command restrictions via a crafted environment variable...

6.6 CVSS, 4.9 AI score, 0.00338 EPSS
Exploits: 2

UbuntuCve
added 2014/03/11 12:0 a.m., 19 views

CVE-2014-0106

Sudo 1.6.9 before 1.8.5, when env_reset is disabled, does not properly check environment variables for the env_delete restriction, which allows local users with sudo permissions to bypass intended command restrictions via a crafted environment variable...

6.6 CVSS, 6.3 AI score, 0.00338 EPSS
Exploits: 2, References: 3

Tenable Nessus
added 2014/03/11 12:0 a.m., 32 views

CentOS 5 : sudo (CESA-2014:0266)

An updated sudo package that fixes one security issue is now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having Moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is...

6.6 CVSS, 5.7 AI score, 0.00338 EPSS
Exploits: 2, References: 2

Tenable Nessus
added 2014/03/11 12:0 a.m., 34 views

RHEL 5 : sudo (RHSA-2014:0266)

An updated sudo package that fixes one security issue is now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having Moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is...

6.6 CVSS, 5.7 AI score, 0.00338 EPSS
Exploits: 2, References: 3

Cent OS
added 2014/03/10 4:34 p.m., 62 views

sudo security update

CentOS Errata and Security Advisory CESA-2014:0266 An updated sudo package that fixes one security issue is now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having Moderate security impact. A Common Vulnerability Scoring System (CVSS) base...

6.6 CVSS, 6.2 AI score, 0.00338 EPSS
Exploits: 2, References: 7