Lucene search

329 matches found

OPENSUSE Linux
added 2018/05/29 6:07 p.m., 68 views

openSUSE Security Update: Security update for pdns

From: opensuse-security@xxxxxxxxxxxx
Date: Tue, 29 May 2018 18:07:29 +0200 (CEST)
Message-id: <[email protected]>

Announcement ID: openSUSE-SU-2018:1462-1
Rating: low
References: #1092540
Cross-References: CVE-2018-1046
Affected Products: SUSE Package Hub for SUSE Linux Enterprise 12

An update that fixes one vulnerability is now available.

Description:

pdns was updated to 4.1.2.

Security fixes:

* Dnsreplay: bail out on a too small outgoing buffer (CVE-2018-1046 bsc#1092540)

Improvements:

* API: increase serial after dnssec related updates
* Auth: lower ‘packet too short’ loglevel
* Make check-zone error on rows that have content but shouldn’t
* Auth: avoid an insane amount of new backend connections during an axfr
* Report unparseable data in stoul invalid_argument exception
* Backport: recheck serial when axfr is done
* Backport: add tcp support for alias

Bug Fixes:

* Auth: allocate new statements after reconnecting to postgresql
* Auth-bindbackend: only compare ips in ismaster() (Kees Monshouwer)
* Rather than crash, sheepishly report no file/linenum
* Document undocumented config vars
* Backport #6276 (auth 4.1.x): prevent cname + other data with dnsupdate

Misc fixes:

* Move includes around to avoid boost L conflict
* Backport: update edns option code list
* Auth: link dnspcap2protobuf against librt when needed
* Fix a warning on botan >= 2.5.0
* Auth 4.1.x: unbreak build

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE Package Hub for SUSE Linux Enterprise 12:

  zypper in -t patch openSUSE-2018-538=1

Package List:

- SUSE Package Hub for SUSE Linux Enterprise 12 (aarch64 ppc64le s390x x86_64):

  pdns-4.1.2-8.1
  pdns-backend-godbc-4.1.2-8.1
  pdns-backend-ldap-4.1.2-8.1
  pdns-backend-lua-4.1.2-8.1
  pdns-backend-mydns-4.1.2-8.1
  pdns-backend-mysql-4.1.2-8.1
  pdns-backend-postgresql-4.1.2-8.1
  pdns-backend-remote-4.1.2-8.1
  pdns-backend-sqlite3-4.1.2-8.1

References:

https://www.suse.com/security/cve/CVE-2018-1046.html
https://bugzilla.suse.com/1092540

pdns was updated to 4.1.2. Security fixes: Dnsreplay: bail out on a too small outgoing buffer CVE-2018-1046 bsc1092540 Improvements: API: increase serial after dnssec related updates Auth: lower ‘packet too short’ loglevel Make check-zone error on rows that have content but shouldn’t Auth:...

0.00003 EPSS
Exploits: 0, References: 1
securityvulns
added 2014/10/16 12:00 a.m., 66 views

CVE-2014-4326 Remote command execution in Logstash zabbix and nagios_nsca outputs.

Vendor: Elasticsearch; Product: Logstash; CVE: CVE-2014-4326; Affected versions: Logstash 1.0.14 through 1.4.1. Recommendations: All affected users should upgrade to Logstash 1.4.2. We also provide patch instructions for Logstash 1.3.x at the bottom of this note. The vulnerability impacts deployments...

7.5 CVSS, 0.3 AI score, 0.00881 EPSS
Exploits: 0
seebug.org
added 2014/07/01 12:00 a.m., 13 views

verlihub <= 0.9.8d-RC2 Remote Command Execution Vulnerability

No description provided by source. verlihub <= 0.9.8d-RC2 remote r00t / command execution. Description: Verlihub is a Direct Connect protocol server; runs...

7.1 AI score
Exploits: 0
Packet Storm
added 2014/02/24 12:00 a.m., 45 views

MyBB 1.6.12 SQL Injection


0.2 AI score
Exploits: 0
Atlassian
added 2011/02/03 11:20 p.m., 19 views

XSS vulnerability in the action links of Confluence's attachments lists.

We have identified and fixed a cross-site scripting (XSS) vulnerability in the action links of Confluence's attachments lists. All versions from 2.7 to 3.4.7 are affected. XSS vulnerabilities potentially allow an attacker to embed their own JavaScript into a Confluence page. You can read more about...

0.2 AI score
Exploits: 0
Atlassian
added 2011/02/03 11:20 p.m., 18 views

XSS vulnerability in the action links of Confluence's attachments lists.

We have identified and fixed a cross-site scripting (XSS) vulnerability in the action links of Confluence's attachments lists. All versions from 2.7 to 3.4.7 are affected. XSS vulnerabilities potentially allow an attacker to embed their own JavaScript into a Confluence page. You can read more about...

0.2 AI score
Exploits: 0, Affected Software: 1
RedHat Linux
added 2010/12/08 7:28 p.m., 4 views

Low: Red Hat Security Advisory: JBoss Enterprise Web Platform 5.1.0 security update

A patch for JBoss Enterprise Web Platform 5.1 that fixes one security issue is now available from the Red Hat Customer Portal. The Red Hat Security Response Team has rated this update as having low security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed...

2.6 CVSS, 5.8 AI score, 0.01675 EPSS
Exploits: 0, References: 3
RedHat Linux
added 2010/12/01 11:57 p.m., 5 views

Important: Red Hat Security Advisory: JBoss Enterprise SOA Platform 4.2 and 4.3 security update

A patch for JBoss Enterprise SOA Platform 4.2 and 4.3 that fixes one security issue is now available from the Red Hat Customer Portal. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a...

7.5 CVSS, 6.3 AI score, 0.02416 EPSS
Exploits: 0, References: 2
seebug.org
added 2009/05/22 12:00 a.m., 14 views

Microsoft IIS 6.0 WebDAV Remote Authentication Bypass Exploit (patch)

No description provided by source. Blog with a detailed description: http://www.skullsecurity.org/blog/?p=285 And the patch itself: http://www.skullsecurity.org/blogdata/cadaver-0.23.2-h4x.patch mkdir cadaver-h4x cd cadaver-h4x wget http://www.skullsecurity.org/blogdata/cadaver-0.23.2-h4x.patch...

7.1 AI score
Exploits: 0
securityvulns
added 2008/06/05 12:00 a.m., 48 views

Akamai Technologies Security Advisory 2008-0001 (Download Manager)

Akamai Technologies Security Advisory 2008-0001. Akamai ID: 2008-0002; Date: 2008/04/20; Product Name: Download Manager; Affected Versions: 2.2.3.6; Fixed Version: 2.2.3.7; CVE IDs: CVE-2008-1770; CVSS...

9.3 CVSS, 0.3 AI score, 0.13501 EPSS
Exploits: 1
Atlassian
added 2008/05/30 1:45 p.m., 23 views

XSS vulnerability in create/edit/copy page and blogpost actions

The following create/edit page URLs are vulnerable: - /pages/createpage.action - /pages/docreatepage.action - /pages/editpage.action - /pages/doeditepage.action on parentPageString. Example of a maliciously crafted path:...

1.9 AI score
Exploits: 0, Affected Software: 1
Atlassian
added 2008/05/30 1:45 p.m., 14 views

XSS vulnerability in create/edit/copy page and blogpost actions

The following create/edit page URLs are vulnerable: - /pages/createpage.action - /pages/docreatepage.action - /pages/editpage.action - /pages/doeditepage.action on parentPageString. Example of a maliciously crafted path:...

1.9 AI score
Exploits: 0, Affected Software: 1
Atlassian
added 2008/05/30 1:45 p.m., 15 views

XSS vulnerability in create/edit/copy page and blogpost actions

The following create/edit page URLs are vulnerable: - /pages/createpage.action - /pages/docreatepage.action - /pages/editpage.action - /pages/doeditepage.action on parentPageString. Example of a maliciously crafted path:...

1.9 AI score
Exploits: 0
Atlassian
added 2008/03/17 5:00 a.m., 17 views

XSS vulnerability in pagepicker.action and spacepagepicker.action

The following URLs are vulnerable: - /users/pagepicker.action - /users/spacepagepicker.action on formname, fieldname and currentspace. Patch instructions for 2.6.x and 2.7.x: 1. Shut down Confluence 2. Copy attached pagepicker.vm to confluence/users/ 3. Start up Confluence...

1.3 AI score
Exploits: 0, Affected Software: 1
Atlassian
added 2008/03/17 5:00 a.m., 22 views

XSS vulnerability in pagepicker.action and spacepagepicker.action

The following URLs are vulnerable: - /users/pagepicker.action - /users/spacepagepicker.action on formname, fieldname and currentspace. Patch instructions for 2.6.x and 2.7.x: 1. Shut down Confluence 2. Copy attached pagepicker.vm to confluence/users/ 3. Start up Confluence...

1.3 AI score
Exploits: 0, Affected Software: 1
securityvulns
added 2007/04/17 12:00 a.m., 49 views

Akamai Technologies Security Advisory 2007-0001

Akamai Technologies Security Advisory 2007-0001. Akamai ID: 2007-0001; Date: 2007/04/16; Product Name: Download Manager; Affected Versions: 2.2.1.0; Fixed Version: 2.2.1.0; CVE IDs: CVE-2007-1891...

9.3 CVSS, 6.9 AI score, 0.19691 EPSS
Exploits: 1
Exploit DB
added 2007/01/08 12:00 a.m., 38 views

Application Enhancer (APE) 2.0.2 - Local Privilege Escalation

!/usr/bin/ruby Exploit Of The Apes: A practical pwnage for Application UNEnhancer aka APU c 2006 LMH and Johnny Pwnerseed. This goes dedicated to macdev. For the childish flaming and great brain lag. Lesson: Don't talk about stuff you have NFC about. And don't insult people. Once you do it, and g...

7 AI score
Exploits: 0
CERT
added 2004/07/09 12:00 a.m., 20 views

Cisco Collaboration Server (CCS) ServletExec allows arbitrary file uploading

Overview: There is a vulnerability in the ServletExec subcomponent of the Cisco Collaboration Server (CCS) that could allow an attacker to upload arbitrary files to the server. Description: The Cisco Collaboration Server (CCS) is designed to provide interactive customer support web page sharing,...

7.4 AI score
Exploits: 0, References: 5
Packet Storm
added 2004/02/03 12:00 a.m., 23 views

phpscripts.txt

Information: Website: http://www.phpscripts-fr.net; Version: all; Problem: Include file PHP. Code/Location: config/fonctions.lib.php, dernierscommentaires.php, admin.php. if !isset$rep $rep = './...

7.4 AI score
Exploits: 0
securityvulns
added 2003/07/30 12:00 a.m., 22 views

Gallery XSS security advisory (with fix and patch instructions)

Problem description: Gallery is an open source image management system. Learn more about it at http://gallery.sourceforge.net Gallery has a feature that allows users to search their image captions and descriptions for specific search terms. A typo in the security code of this feature permits a cro...

6.7 AI score
Exploits: 0