setroubleshoot-plugins: insecure commands.getoutput use in the allow_execstack plugin

A shell command injection flaw was found in the way the setroubleshoot allowexecstack plugin executed external commands. A local attacker able to trigger an execstack SELinux denial could use this flaw to execute arbitrary code with root privileges...

setroubleshoot and setroubleshoot-plugins security update

setroubleshoot 3.2.24-4.0.1 - Add setroubleshoot-oracle-enterprise.patch to change bug reporting URL to linux.oracle.com 3.2.24-4 - Catch all subprocess module exceptions 3.2.24-3 - Use subprocess.checkoutput with a sequence of program arguments 3.2.24-2 - Do not use dangerous shell=True...

RedHat Update for setroubleshoot and setroubleshoot-plugins RHSA-2016:1267-01

The remote host is missing an update for the SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

RHEL 6 : setroubleshoot and setroubleshoot-plugins (RHSA-2016:1267)

An update for setroubleshoot and setroubleshoot-plugins is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

Oracle Linux 6 : setroubleshoot / and / setroubleshoot-plugins (ELSA-2016-1267)

The remote Oracle Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2016-1267 advisory. - Don't use command.getoutput Resolves: CVE-2016-4445 setroubleshoot-plugins Tenable has extracted the preceding description block directly from the...

CentOS Update for setroubleshoot-plugins CESA-2016:1267 centos6

Check the version of setroubleshoot-plugins SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CentOS 6 : setroubleshoot / setroubleshoot-plugins (CESA-2016:1267)

An update for setroubleshoot and setroubleshoot-plugins is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

Important: Red Hat Security Advisory: setroubleshoot and setroubleshoot-plugins security update

An update for setroubleshoot and setroubleshoot-plugins is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

setroubleshoot and setroubleshoot-plugins security update

setroubleshoot 3.0.47-12.0.1 - Add setroubleshoot-oracle-enterprise.patch to change bug reporting URL to linux.oracle.com 3.0.47-12 - Don't use command.getoutput Resolves: CVE-2016-4445 setroubleshoot-plugins 3.0.40-3.1.0.1 - Add setroubleshoot-plugins-oracle-enterprise.patch 3.0.40-3.1 - Don't u...

CVE-2016-2832

Mozilla Firefox before 47.0 allows remote attackers to discover the list of disabled plugins via a fingerprinting attack involving Cascading Style Sheets CSS pseudo-classes...

Code injection

Mozilla Firefox before 47.0 allows remote attackers to discover the list of disabled plugins via a fingerprinting attack involving Cascading Style Sheets CSS pseudo-classes...

CVE-2016-2832

Mozilla Firefox before 47.0 allows remote attackers to discover the list of disabled plugins via a fingerprinting attack involving Cascading Style Sheets CSS pseudo-classes...

CVE-2016-2832

CVE-2016-2832 affects Mozilla Firefox prior to 47.0, enabling information disclosure of disabled plugins via CSS pseudo-classes. Connected advisories indicate this vulnerability is addressed in Firefox 47 updates (e.g., openSUSE-2016-714/openSUSE-2016-704 patches). Affected component: CSS pseudo-...

Security update for MozillaFirefox, mozilla-nss (important)

This update to Mozilla Firefox 47 fixes the following issues boo983549: Security fixes: - CVE-2016-2815/CVE-2016-2818: Miscellaneous memory safety hazards boo983638 MFSA 2016-49 - CVE-2016-2819: Buffer overflow parsing HTML5 fragments boo983655 MFSA 2016-50 - CVE-2016-2821: Use-after-free deletin...

CVE-2016-2832

Mozilla Firefox before 47.0 allows remote attackers to discover the list of disabled plugins via a fingerprinting attack involving Cascading Style Sheets CSS pseudo-classes...

UBUNTU-CVE-2016-2832

Mozilla Firefox before 47.0 allows remote attackers to discover the list of disabled plugins via a fingerprinting attack involving Cascading Style Sheets CSS pseudo-classes...

Information disclosure of disabled plugins through CSS pseudo-classes — Mozilla

Mozilla developer John Schoenick reported that CSS pseudo-classes can be used by web content to leak information on plugins that are installed but disabled. This can be used for information disclosure through a fingerprinting attack that lists all of the plugins installed by a user on a system,...

drchrono: Information Disclosure

Hey, I found Following Security issue on your site. Information Disclosure :- your Wordpress installation in Disclosing its version Number in https://drchrono.com/blog/readme.html This can a hacker in speeding up the process or information gathering though discovering your wordpress version numbe...

[SECURITY] Fedora 24 Update: pulp-python-1.1.1-1.fc24

Provides a collection of platform plugins and client extensions support for Python packages...

CVE-2016-2157

Cross-site request forgery CSRF vulnerability in mod/assign/adminmanageplugins.php in Moodle through 2.6.11, 2.7.x before 2.7.13, 2.8.x before 2.8.11, 2.9.x before 2.9.5, and 3.0.x before 3.0.3 allows remote attackers to hijack the authentication of administrators for requests that manage...