USN-2169-1: Django vulnerabilities

Benjamin Bach discovered that Django incorrectly handled dotted Python paths when using the reverse function. An attacker could use this issue to cause Django to import arbitrary modules from the Python path, resulting in possible code execution. CVE-2014-0472 Paul McMillan discovered that Django...

SAP Sybase SQL Anywhere OpenSSL TLS心跳信息泄漏漏洞

CVE ID:CVE-2014-0160 SAP Sybase SQL Anywhere是一套全面的解决方案,它提供了数据管理、同步和数据交换技术,可快速在远程和移动环境中开发并配置数据库驱动的应用程序。 SAP Sybase SQL Anywhere所绑定的OpenSSL存在安全漏洞，OpenSSL处理TLS”心跳“扩展存在一个边界错误，允许攻击者利用漏洞获取64k大小的已链接客户端或服务器的内存内容。内存信息可包括私钥，用户名密码等。 0 SAP Sybase SQL Anywhere 12.x SAP Sybase SQL Anywhere 16.x SAP Sybase SQL...

JDK: unspecified vulnerability fixed in 5.0u71, 6u71 and 7u51 (2D)

Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45; JavaFX 2.2.45; and Java SE Embedded 7u45 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D...

OpenJDK: Missing check for valid DOMCanonicalizationMethod canonicalization algorithm (Libraries, 8014281)

Unspecified vulnerability in the Java Runtime Environment JRE component in Oracle Java SE 7 Update 21 and earlier and 6 Update 45 and earlier; the Oracle JRockit component in Oracle Fusion Middleware R27.7.5 and earlier and R28.2.7 and earlier; and OpenJDK 7 allows remote attackers to affect...

OpenJDK: insufficient security checks (JAXWS, 8017505)

Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect integrity via vectors related to JAX-WS...

OpenJDK: Incorrect IntegerComponentRaster size checks (2D, 8011248)

Unspecified vulnerability in the Java Runtime Environment JRE component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2...

CentOS 5 : java-1.7.0-openjdk (CESA-2014:0407)

Updated java-1.7.0-openjdk packages that fix various security issues are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having Important security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity...

OpenJDK: missing randomization of JNDI DNS client query IDs (JNDI, 8030731)

Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8; JRockit R27.8.1 and R28.3.1; and Java SE Embedded 7u51 allows remote attackers to affect confidentiality and integrity via vectors related to JNDI...

OpenJDK: incorrect caching of data initialized via TCCL (JAXB, 8025030)

Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JAXB...

OpenJDK: missing randomization of JNDI DNS client query IDs (JNDI, 8030731)

Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8; JRockit R27.8.1 and R28.3.1; and Java SE Embedded 7u51 allows remote attackers to affect confidentiality and integrity via vectors related to JNDI...

Important: Red Hat Security Advisory: java-1.7.0-openjdk security update

Updated java-1.7.0-openjdk packages that fix various security issues are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having Important security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity...

[SECURITY] Fedora 19 Update: mingw-openssl-1.0.1e-6.fc19

The OpenSSL toolkit provides support for secure communications between machines. OpenSSL includes a certificate management tool and shared libraries which provide various cryptographic algorithms and protocols. This package contains Windows MinGW libraries and development tools...

[SECURITY] Fedora 20 Update: ImageMagick-6.8.6.3-4.fc20

ImageMagick is an image display and manipulation tool for the X Window System. ImageMagick can read and write JPEG, TIFF, PNM, GIF, and Photo CD image formats. It can resize, rotate, sharpen, color reduce, or add special effects to an image, and when finished you can either save the completed wor...

Web Application Security Begins with Programming Language

When building an enterprise Web application, the most foundational decision your developers make will be the language in which the app is written. But is there a barometer that measures the security of the programming languages developers have at their disposal, or are comfortable with, versus...

First Phase of TrueCrypt Audit Turns Up No Backdoors

A initial audit of the popular open source encryption software TrueCrypt turned up fewer than a dozen vulnerabilities, none of which so far point toward a backdoor surreptitiously inserted into the codebase. A report on the first phase of the audit was released today by iSEC Partners, which was...

Exploits for Two-Year-Old PHP Security Vulnerability Found

Close to two years ago, a serious vulnerability in PHP was accidentally disclosed after it was discovered months prior during a hacking contest. A patch was released in relatively short order, and one would assume that given PHP’s prevalence as a web development framework, the fix would have been...

udisks security update

1.0.1-7.el65 - Make sure doc subpackage is noarch 1.0.1-6.el65 - Put devel-docs in a separate package related: rhbz1070145 . 1.0.1-5.el65 - Related: rhbz1070145...

Dexter, Project Hook Point of Sale Malware Still Prevalent

While the Target data breach may be in the rear view mirror, research this week shows it’s clear that many attackers are still using point of sale malware, namely Dexter and Project Hook, in active attacks. Researchers at Arbor Networks’ Security Engineering & Response Team ASERT looked at severa...

IBM Rational Quality Manager Jazz Team Server未明远程代码执行漏洞

Bugtraq ID:65900 CVE ID:CVE-2014-0862 IBM Rational Quality Manager是一款为完整的软件开发生命周期提供集成的测试计划和测试资产的协作的，基于Web的质量管理软件。 IBM Rational Quality Manager所包含的Jazz Team服务器存在未明错误，允许远程攻击者利用漏洞执行任意代码。 0 IBM Rational Quality Manager 2.x IBM Rational Quality Manager 3.x IBM Rational Quality Manager 4.x 厂商补丁： IBM...

SA-CONTRIB-2014-023 - Project Issue File Review - XSS

The Project Issue File Review PIFR module provides an abstracted client-server model and plugin API for performing distributed operations such as code review and testing, with a focus on supporting Drupal development. Two scenarios were identified where the module does not sufficiently sanitize...