CVE-2015-0290

The multi-block feature in the ssl3writebytes function in s3pkt.c in OpenSSL 1.0.2 before 1.0.2a on 64-bit x86 platforms with AES NI support does not properly handle certain non-blocking I/O cases, which allows remote attackers to cause a denial of service pointer corruption and application crash...

Vulnerability in OpenSSL - Multiblock corrupted pointer

Multiblock corrupted pointer. OpenSSL 1.0.2 introduced the “multiblock” performance improvement. This feature only applies on 64 bit x86 architecture platforms that support AES NI instructions. A defect in the implementation of “multiblock” can cause OpenSSL’s internal write buffer to become...

CVE-2015-0290

CVE-2015-0290 affects OpenSSL 1.0.2 before 1.0.2a on 64-bit x86 with AES-NI; the multiblock SSL write path in s3_pkt.c can cause pointer corruption/DoS in non-blocking I/O. IBM IBM i/DataPower and related SBs document concrete remediation paths (update to fixed OpenSSL versions; e.g., patches lis...

[SECURITY] Fedora 20 Update: nodejs-0.10.36-3.fc20

Node.js is a platform built on Chrome's JavaScript runtime for easily building fast, scalable network applications. Node.js uses an event-driven, non-blocking I/O model that makes it lightweight and efficient, perfect for data-intensive real-time applications that run across distributed devices...

New Analytics Tool Defines Language Used Malicious Domains

OpenDNS has gone public with a new tool that uses a blend of analytics principles found outside information security to create a threat model for detecting domains used in criminal and state-sponsored hacking campaigns. NLPRank is not ready for production, said OpenDNS director of security resear...

[SECURITY] Fedora 21 Update: nodejs-0.10.36-3.fc21

Node.js is a platform built on Chrome's JavaScript runtime for easily building fast, scalable network applications. Node.js uses an event-driven, non-blocking I/O model that makes it lightweight and efficient, perfect for data-intensive real-time applications that run across distributed devices...

FCC Warns Businesses WiFi Blocking is Illegal

In the wake of a recent enforcement action against Marriott for blocking guests’ WiFi hotspots in their hotels, the FCC is warning other hotel operators and business owners that such blocking is illegal and the commission’s Enforcement Bureau is taking note. Marriott last year paid a fine of...

Marriott Agrees to Stop Blocking Guest WiFi Devices

Marriott, which last year paid a $600,000 fine for blocking customers’ WiFi devices in its hotels, has said that it no longer will prevent guests from using personal hotspots or similar devices. The situation resulted from a complaint by a guest who stayed at Marriott’s Gaylord Opryland hotel in...

[SECURITY] Fedora 20 Update: python-tornado-2.2.1-7.fc20

Tornado is an open source version of the scalable, non-blocking web server and tools. The framework is distinct from most mainstream web server frameworks and certainly most Python frameworks because it is non-blocking and reasonably fast. Because it is non-blocking and uses epoll, it can handle...

[SECURITY] Fedora 19 Update: nodejs-0.10.33-1.fc19

Node.js is a platform built on Chrome's JavaScript runtime for easily building fast, scalable network applications. Node.js uses an event-driven, non-blocking I/O model that makes it lightweight and efficient, perfect for data-intensive real-time applications that run across distributed devices...

[SECURITY] Fedora 20 Update: nodejs-0.10.33-1.fc20

Node.js is a platform built on Chrome's JavaScript runtime for easily building fast, scalable network applications. Node.js uses an event-driven, non-blocking I/O model that makes it lightweight and efficient, perfect for data-intensive real-time applications that run across distributed devices...

[SECURITY] Fedora 21 Update: nodejs-0.10.33-1.fc21

Node.js is a platform built on Chrome's JavaScript runtime for easily building fast, scalable network applications. Node.js uses an event-driven, non-blocking I/O model that makes it lightweight and efficient, perfect for data-intensive real-time applications that run across distributed devices...

CVE-2014-5284

host-deny.sh in OSSEC before 2.8.1 writes to temporary files with predictable filenames without verifying ownership, which allows local users to modify access restrictions in hosts.deny and gain root privileges by creating the temporary files before automatic IP blocking is performed...

CVE-2014-5268

CVE-2014-5268 affects the Drupal contributed module Fasttoggle (7.x-1.3 and 7.x-1.4). The advisory confirms an access-control flaw: remote attackers can block or unblock user accounts via a crafted user status link, due to a rewrite of the access control that mishandles the user status (allow/blo...

Windows Outbound-Filtering Rules

This module makes some kind of TCP traceroute to get outbound-filtering rules. It will try to make a TCP connection to a certain public IP address this IP does not need to be under your control using different TTL incremental values. This way if you get an answer ICMP TTL time exceeded packet fro...

EFF Calls Out ISPs Modifying STARTTLS Encryption Commands

As Net Neutrality debates swirl, privacy advocates at the Electronic Frontier Foundation and VPN provider Golden Frog have gone public with a Federal Communications Commission filing that got more attention for accusations that Verizon FIOS customers were having their Netflix streaming service...

[SECURITY] Fedora 19 Update: squid-3.3.13-2.fc19

Squid is a high-performance proxy caching server for Web clients, supporting FTP, gopher, and HTTP data objects. Unlike traditional caching software, Squid handles all requests in a single, non-blocking, I/O-driven process. Squid keeps meta data and especially hot objects cached in RAM, caches DN...

[SECURITY] Fedora 20 Update: nodejs-0.10.32-1.fc20

Node.js is a platform built on Chrome's JavaScript runtime for easily building fast, scalable network applications. Node.js uses an event-driven, non-blocking I/O model that makes it lightweight and efficient, perfect for data-intensive real-time applications that run across distributed devices...

[SECURITY] Fedora 19 Update: nodejs-0.10.32-1.fc19

Node.js is a platform built on Chrome's JavaScript runtime for easily building fast, scalable network applications. Node.js uses an event-driven, non-blocking I/O model that makes it lightweight and efficient, perfect for data-intensive real-time applications that run across distributed devices...

[SECURITY] Fedora 21 Update: nodejs-0.10.32-1.fc21

Node.js is a platform built on Chrome's JavaScript runtime for easily building fast, scalable network applications. Node.js uses an event-driven, non-blocking I/O model that makes it lightweight and efficient, perfect for data-intensive real-time applications that run across distributed devices...