Debian DLA-207-1 : subversion security update
Several vulnerabilities were discovered in Subversion, a version control system. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2015-0248 Subversion mod_dav_svn and svnserve were vulnerable to a remotely triggerable assertion DoS vulnerability for certain...
Red Hat PicketLink SAML Assertion AudienceRestriction Security Bypass Vulnerability
Red Hat PicketLink is a unified identity management framework for Java applications. A security bypass vulnerability exists in Red Hat PicketLink that could be exploited by an attacker to bypass security restrictions and perform unauthorized access...
Debian DSA-3231-1 : subversion - security update
Several vulnerabilities were discovered in Subversion, a version control system. The Common Vulnerabilities and Exposures project identifies the following problems: - CVE-2015-0248 Subversion mod_dav_svn and svnserve were vulnerable to a remotely triggerable assertion DoS vulnerability for certain...
Debian Security Advisory DSA 3231-1 (subversion - security update)
Several vulnerabilities were discovered in Subversion, a version control system. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2015-0248 Subversion mod_dav_svn and svnserve were vulnerable to a remotely triggerable assertion DoS vulnerability for certain...
PicketLink: Lack of validation for the Destination attribute in a Response element in a SAML assertion
A flaw was found in the way PicketLink's Service Provider (SP) and Identity Provider (IdP) handled certain requests. The SP and IdP in PicketLink before 2.7.0 do not ensure that the Destination attribute in a Response element in the SAML assertion matches the location from which the message was...
PicketLink: SP does not take Audience condition of a SAML assertion into account
A flaw was found in the way PicketLink's Service Provider and Identity Provider handled certain requests. A remote attacker could use this flaw to log in to a victim's account via PicketLink...
CXF: The SecurityTokenService accepts certain invalid SAML Tokens as valid
It was found that the SecurityTokenService (STS), provided as a part of Apache CXF, could under certain circumstances accept invalid SAML tokens as valid. A remote attacker could use a specially crafted SAML token to gain access to an application that uses STS for validation of SAML tokens...
Security: Wrong security context loaded when using SAML2 STS Login Module
It was found that when processing undefined security domains, the org.jboss.security.plugins.mapping.JBossMappingManager implementation would fall back to the default security domain if it was available. A user with valid credentials in the defined default domain, with a role that is valid in the...
CXF: Improper security semantics enforcement of SAML SubjectConfirmation methods
It was found that Apache WSS4J (Web Services Security for Java), as used by Apache CXF with the TransportBinding, did not, by default, properly enforce all security requirements associated with SAML SubjectConfirmation methods. A remote attacker could use this flaw to perform various types of...
MGASA-2015-0151 Updated tor packages fix security vulnerabilities
"disgleirio" discovered that a malicious client could trigger an assertion failure in a Tor instance providing a hidden service, thus rendering the service inaccessible (CVE-2015-2928). "DonnchaC" discovered that Tor clients would crash with an assertion failure upon parsing specially crafted hidde...
Updated tor packages fix security vulnerabilities
"disgleirio" discovered that a malicious client could trigger an assertion failure in a Tor instance providing a hidden service, thus rendering the service inaccessible (CVE-2015-2928). "DonnchaC" discovered that Tor clients would crash with an assertion failure upon parsing specially crafted hidde...
Multiple Security vulnerabilities in AIX OpenSSL
IBM SECURITY ADVISORY First Issued: The most recent version of this document is available here: http://aix.software.ibm.com/aix/efixes/security/openssladvisory13.asc https://aix.software.ibm.com/aix/efixes/security/openssladvisory13.asc...
CVE-2015-0248
The (1) mod_dav_svn and (2) svnserve servers in Subversion 1.6.0 through 1.7.19 and 1.8.0 through 1.8.11 allow remote attackers to cause a denial of service (assertion failure and abort) via crafted parameter combinations related to dynamically evaluated revision numbers...
Tor Denial of Service Vulnerability (CNVD-2015-02240)
Tor is a second-generation implementation of onion routing, through which users can communicate anonymously over the Internet. Tor suffers from a denial-of-service vulnerability that allows a Tor client to trigger an assertion failure when parsing a carefully constructed hidden service descriptor...
Tor Denial of Service Vulnerability (CNVD-2015-02241)
Tor is a second-generation implementation of onion routing, through which users can communicate anonymously over the Internet. A denial-of-service vulnerability exists in Tor, where a malicious client can trigger an assertion failure in a Tor instance that provides a hidden service, rendering the...
openSUSE Security Update : subversion (openSUSE-2015-289)
Apache Subversion was updated to 1.8.13 to fix three vulnerabilities and a number of non-security bugs. This release fixes three vulnerabilities: - Subversion HTTP servers with FSFS repositories were vulnerable to a remotely triggerable excessive memory use with certain REPORT requests. bsc92379...
Debian DSA-3216-1 : tor - security update
Several vulnerabilities have been discovered in Tor, a connection-based low-latency anonymous communication system: - CVE-2015-2928 'disgleirio' discovered that a malicious client could trigger an assertion failure in a Tor instance providing a hidden service, thus rendering the service...
[ MDVSA-2015:192 ] subversion
Mandriva Linux Security Advisory MDVSA-2015:192 http://www.mandriva.com/en/support/security/ Package : subversion Date : April 3, 2015 Affected: Business Server 1.0, Business Server 2.0 Problem Description: Multiple vulnerabilities have been discovered...
tor: multiple issues
CVE-2015-2928 "disgleirio" discovered that a malicious client could trigger an assertion failure in a Tor instance providing a hidden service, thus rendering the service inaccessible. CVE-2015-2929 "DonnchaC" discovered that Tor clients would crash with an assertion failure upon parsing specially...