635 matches found

Tenable Nessus
added 2015/03/23 12:0 a.m., 35 views

Fedora 22 : nx-libs-3.5.0.29-1.fc22 (2015-3953)

Update to 3.5.0.29 : - further reduction of code size by Mike Gabriel - /.x2go/config/keystrokes.cfg, /etc/x2go/keystrokes.cfg and /etc/nxagent/keystrokes.cfg are now respected thanks to Horst Schirmeier - security fixes for CVE-2011-2895, CVE-2011-4028, CVE-2013-4396, CVE-2013-6462, CVE-2014-020...

CVSS 9.3, AI score 6.9, EPSS 0.12029
Exploits: 1, References: 1

RedHat Linux
added 2014/11/03 8:36 a.m., 0 views

python-keystoneclient: TLS certificate verification disabled

It was found that python-keystoneclient treated all settings in paste.ini files as string types. If the "insecure" option were set to any value in a paste.ini configuration file, it would be evaluated as true, resulting in TLS connections being vulnerable to man-in-the-middle attacks...

CVSS 4.3, AI score 5.7, EPSS 0.00643
Exploits: 0, References: 4

RedHat Linux
added 2014/11/03 8:36 a.m., 1 views

python-keystoneclient: TLS certificate verification disabled

It was found that python-keystoneclient treated all settings in paste.ini files as string types. If the "insecure" option were set to any value in a paste.ini configuration file, it would be evaluated as true, resulting in TLS connections being vulnerable to man-in-the-middle attacks...

CVSS 4.3, AI score 5.7, EPSS 0.00643
Exploits: 0, References: 4

OSV
added 2014/10/02 2:55 p.m., 1 views

DEBIAN-CVE-2014-7144

OpenStack keystonemiddleware formerly python-keystoneclient 0.x before 0.11.0 and 1.x before 1.2.0 disables certification verification when the "insecure" option is set in a paste configuration paste.ini file regardless of the value, which allows remote attackers to conduct man-in-the-middle...

CVSS 4.3, AI score 6.8, EPSS 0.00643
Exploits: 0, References: 1

PyPA
added 2014/10/02 2:55 p.m., 5 views

PYSEC-2014-71

OpenStack keystonemiddleware formerly python-keystoneclient 0.x before 0.11.0 and 1.x before 1.2.0 disables certification verification when the "insecure" option is set in a paste configuration paste.ini file regardless of the value, which allows remote attackers to conduct man-in-the-middle...

CVSS 4.3, AI score 6.8, EPSS 0.00643
Exploits: 0, References: 8, Affected Software: 1

Prion
added 2014/10/02 2:55 p.m., 24 views

Code injection

OpenStack keystonemiddleware formerly python-keystoneclient 0.x before 0.11.0 and 1.x before 1.2.0 disables certification verification when the "insecure" option is set in a paste configuration paste.ini file regardless of the value, which allows remote attackers to conduct man-in-the-middle...

CVSS 4.3, AI score 6.8, EPSS 0.00643
Exploits: 0, References: 8, Affected Software: 2

OSV
added 2014/10/02 2:55 p.m., 19 views

PYSEC-2014-26

OpenStack keystonemiddleware formerly python-keystoneclient 0.x before 0.11.0 and 1.x before 1.2.0 disables certification verification when the "insecure" option is set in a paste configuration paste.ini file regardless of the value, which allows remote attackers to conduct man-in-the-middle...

CVSS 4.3, AI score 5.4, EPSS 0.00643
Exploits: 0, References: 8

OSV
added 2014/10/02 2:55 p.m., 18 views

PYSEC-2014-71

OpenStack keystonemiddleware formerly python-keystoneclient 0.x before 0.11.0 and 1.x before 1.2.0 disables certification verification when the "insecure" option is set in a paste configuration paste.ini file regardless of the value, which allows remote attackers to conduct man-in-the-middle...

CVSS 4.3, AI score 5.4, EPSS 0.00643
Exploits: 0, References: 8

Debian CVE
added 2014/10/02 2:0 p.m., 18 views

CVE-2014-7144

OpenStack keystonemiddleware formerly python-keystoneclient 0.x before 0.11.0 and 1.x before 1.2.0 disables certification verification when the "insecure" option is set in a paste configuration paste.ini file regardless of the value, which allows remote attackers to conduct man-in-the-middle...

CVSS 4.3, AI score 6, EPSS 0.00643
Exploits: 0

UbuntuCve
added 2014/10/02 12:0 a.m., 24 views

CVE-2014-7144

OpenStack keystonemiddleware formerly python-keystoneclient 0.x before 0.11.0 and 1.x before 1.2.0 disables certification verification when the "insecure" option is set in a paste configuration paste.ini file regardless of the value, which allows remote attackers to conduct man-in-the-middle...

CVSS 4.3, AI score 5.9, EPSS 0.00643
Exploits: 0, References: 5

OSV
added 2014/10/02 12:0 a.m., 0 views

UBUNTU-CVE-2014-7144

OpenStack keystonemiddleware formerly python-keystoneclient 0.x before 0.11.0 and 1.x before 1.2.0 disables certification verification when the "insecure" option is set in a paste configuration paste.ini file regardless of the value, which allows remote attackers to conduct man-in-the-middle...

CVSS 4.3, AI score 5.8, EPSS 0.00643
Exploits: 0, References: 6

Fedora
added 2014/08/28 3:33 p.m., 18 views

[SECURITY] Fedora 20 Update: perl-Plack-1.0031-1.fc20

Plack is a set of tools for using the PSGI stack. It contains middleware components, a reference server and utilities for Web application frameworks. Plack is like Ruby's Rack or Python's Paste for WSGI...

CVSS 5, AI score 2.1, EPSS 0.00462
Exploits: 0

Tenable Nessus
added 2014/06/13 12:0 a.m., 25 views

openSUSE Security Update : libreoffice-34 (openSUSE-SU-2011:1143-1)

LibreOffice 3.4 includes new interesting features and fixes, see http://www.libreoffice.org/download/3-4-new-features-and-fixes/ The update fixes the following security issue : - 704311: libreoffice Lotus Word Pro filter multiple vulnerabilities CVE-2011-2685 - 722075: LibreOffice: Out-of-bounds...

CVSS 9.3, AI score 5.5, EPSS 0.13894
Exploits: 1, References: 44

Tenable Nessus
added 2014/06/13 12:0 a.m., 31 views

openSUSE Security Update : seamonkey (openSUSE-SU-2014:0008-1)

This update fixes the following security issues with SeaMonkey : - update to SeaMonkey 2.23 bnc854370 - requires NSPR 4.10.2 and NSS 3.15.3.1 - MFSA 2013-104/CVE-2013-5609/CVE-2013-5610 Miscellaneous memory safety hazards - MFSA 2013-105/CVE-2013-5611 bmo771294 Application Installation doorhanger...

CVSS 10, AI score 7.8, EPSS 0.11056
Exploits: 13, References: 17

NVD
added 2013/11/23 11:55 a.m., 13 views

CVE-2013-4482

Untrusted search path vulnerability in python-paste-script aka paster in Luci 0.26.0, when started using the initscript, allows local users to gain privileges via a Trojan horse .egg-info file in the (1) current working directory or (2) its parent directories...

CVSS 6.2, AI score 6.4, EPSS 0.00154
Exploits: 0, References: 2

CVE
added 2013/11/23 11:0 a.m., 89 views

CVE-2013-4482

CVE-2013-4482 affects Luci 0.26.0. The vulnerability is an untrusted search path issue: when Luci is started via its initscript, a local user can exploit a Trojan horse .egg-info file in the current working directory or its parent directories to gain privileges. The issue is confirmed in multiple...

CVSS 6.2, AI score 6.5, EPSS 0.00154
Exploits: 0, References: 2, Affected Software: 2

CVE
added 2013/09/19 10:0 a.m., 47 views

CVE-2013-5129

CVE-2013-5129 affects WebKit in Apple iOS prior to 7. It describes two user-assisted XSS vectors: (1) drag-and-drop and (2) copy-and-paste, allowing an attacker to inject arbitrary script/HTML via data handled by WebKit. The vulnerability arises from how WebKit processes dragged/pasted content an...

CVSS 4.3, AI score 5, EPSS 0.0032
Exploits: 0, References: 5, Affected Software: 1

OpenVAS
added 2013/08/20 12:0 a.m., 13 views

Fedora Update for gpm FEDORA-2013-12321

Check for the Version of gpm OpenVAS Vulnerability Test Fedora Update for gpm FEDORA-2013-12321 Authors: System Generated Check Copyright: Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the terms of...

Exploits: 0, References: 2

Fedora
added 2013/07/26 12:32 a.m., 12 views

[SECURITY] Fedora 19 Update: gpm-1.20.6-33.fc19

Gpm provides mouse support to text-based Linux applications like the Emacs editor and the Midnight Commander file management system. Gpm also provides console cut-and-paste operations using the mouse and includes a program to allow pop-up menus to appear at the click of a mouse button...

AI score 1.8
Exploits: 0

Tenable Nessus
added 2013/07/12 12:0 a.m., 21 views

Oracle Linux 6 : python-paste-script (ELSA-2012-1206)

The remote Oracle Linux 6 host has a package installed that is affected by a vulnerability as referenced in the ELSA-2012-1206 advisory. 1.7.3-5 - fix group permissions in serve.py Resolves: CVE-2012-0878 Tenable has extracted the preceding description block directly from the Oracle Linux securit...

CVSS 5.1, AI score 5.5, EPSS 0.01239
Exploits: 0, References: 2