[SECURITY] Fedora 19 Update: lzo-2.08-1.fc19

LZO is a portable lossless data compression library written in ANSI C. It offers pretty fast compression and very fast decompression. Decompression requires no memory. In addition there are slower compression levels achieving a quite competitive compression ratio while still decompressing at this...

USN-2300-1: LZO vulnerability

Don A. Bailey discovered that LZO incorrectly handled certain input data. An attacker could use this issue to cause LZO to crash, resulting in a denial of service, or possibly execute arbitrary code...

Upload the file of trap II pure alphanumeric. swf is a vulnerability?- Vulnerability warning-the black bar safety net

0x00 background In a previous uploaded file trap , the author mentioned for flash cross-domain data hijacking,sometimes does not need us to upload a file. Because we can simply use the JSONP interface,the flash content is assigned to the callback to be used. Just like in the comments@Sogili...

[SECURITY] Fedora 20 Update: lzo-2.08-1.fc20

LZO is a portable lossless data compression library written in ANSI C. It offers pretty fast compression and very fast decompression. Decompression requires no memory. In addition there are slower compression levels achieving a quite competitive compression ratio while still decompressing at this...

20-Year Old Vulnerability Patched in Compression Algorithm

A 20-year old vulnerability in the Lempel-Ziv-Oberhumer LZO compression algorithm – used in some Android phones, the Linux kernel, and even Mars Rovers – was finally patched this week. Code stemming from the algorithm’s library function has existed in the wild for two decades, but was recycled ov...

USN-2190-1: JBIG-KIT vulnerability

Florian Weimer discovered that JBIG-KIT incorrectly handled certain malformed images. If a user or automated system were tricked into processing a specially crafted image, JBIG-KIT could be made to crash, or possibly execute arbitrary code...

BREACH decodes HTTPS encrypted data in 30 seconds

A new hacking technique dubbed BREACH can extract login tokens, session ID numbers and other sensitive information from SSL/TLS encrypted web traffic in just 30 seconds. The technique was demonstrated at the Black Hat security conference in Las Vegas Presentation PDF & Paper by Gluck along with...

BitZipper Installed

BitZipper, a data compression tool, is installed on the remote host. C Tenable Network Security, Inc. include"compat.inc"; if description scriptid66554; scriptversion"1.8"; scriptsetattributeattribute:"pluginmodificationdate", value:"2023/01/31"; scriptnameenglish:"BitZipper Installed";...

Debian: Security Advisory (DSA-2579-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

[SECURITY] [DSA 2579-1] apache2 security update

------------------------------------------------------------------------- Debian Security Advisory DSA-2579-1 [email protected] http://www.debian.org/security/ Stefan Fritsch November 30, 2012 http://www.debian.org/security/faq -...

Ubuntu Update for apache2 USN-1627-1

Ubuntu Update for Linux kernel vulnerabilities USN-1627-1 OpenVAS Vulnerability Test $Id: gbubuntuUSN16271.nasl 7960 2017-12-01 06:58:16Z santu $ Ubuntu Update for apache2 USN-1627-1 Authors: System Generated Check Copyright: Copyright c 2012 Greenbone Networks GmbH, http://www.greenbone.net This...

Ubuntu Update for qt4-x11 USN-1628-1

Ubuntu Update for Linux kernel vulnerabilities USN-1628-1 OpenVAS Vulnerability Test $Id: gbubuntuUSN16281.nasl 7960 2017-12-01 06:58:16Z santu $ Ubuntu Update for qt4-x11 USN-1628-1 Authors: System Generated Check Copyright: Copyright c 2012 Greenbone Networks GmbH, http://www.greenbone.net This...

Ubuntu 8.04 LTS / 10.04 LTS / 11.10 / 12.04 LTS / 12.10 : apache2 vulnerabilities (USN-1627-1)

It was discovered that the modnegotiation module incorrectly handled certain filenames, which could result in browsers becoming vulnerable to cross-site scripting attacks when processing the output. With cross-site scripting vulnerabilities, if a user were tricked into viewing server output durin...

Ubuntu 10.04 LTS / 11.10 / 12.04 LTS : qt4-x11 vulnerability (USN-1628-1)

Juliano Rizzo and Thai Duong discovered a flaw in the Transport Layer Security TLS protocol when it is used with data compression. If an attacker were able to perform a man-in-the-middle attack, this flaw could be exploited to view sensitive information. This update disables TLS data compression ...

Ubuntu: Security Advisory (USN-1627-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Ubuntu: Security Advisory (USN-1628-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

USN-1628-1: Qt vulnerability

Juliano Rizzo and Thai Duong discovered a flaw in the Transport Layer Security TLS protocol when it is used with data compression. If an attacker were able to perform a machine-in-the-middle attack, this flaw could be exploited to view sensitive information. This update disables TLS data...

USN-1627-1: Apache HTTP Server vulnerabilities

It was discovered that the modnegotiation module incorrectly handled certain filenames, which could result in browsers becoming vulnerable to cross-site scripting attacks when processing the output. With cross-site scripting vulnerabilities, if a user were tricked into viewing server output durin...

For SSL the latest method of attack CRIME of the principles and technical details-vulnerability warning-the black bar safety net

Author:Pnig0s decodingFreeBuf We may concern before the for SSL a attack technique, called the BEAST. This is still found in BEAST of the two greatJuliano Rizzoand Thai Duong discovered another new attack on HTTPS techniques, and before of similar, called“CRIME”is. BEAST to from SSL/TLS encrypted...

[SECURITY] Fedora 15 Update: libpng-1.2.49-1.fc15

The libpng package contains a library of functions for creating and manipulating PNG Portable Network Graphics image format files. PNG is a bit-mapped graphics format similar to the GIF format. PNG was created to replace the GIF format, since GIF uses a patented data compression algorithm. Libpng...