811 matches found

hackapp
added 2016/04/01 10:18 a.m. | 10 views

Logic Problems - Classic! - Customized SSL, WebView code execution vulnerabilities

HackApp vulnerability scanner discovered that application Logic Problems - Classic! published at the 'play' market has multiple vulnerabilities...

AI score 1
Exploits: 0 | References: 1 | Affected Software: 1

OPENSUSE Linux
added 2015/12/10 12:13 p.m. | 36 views

Security update to MariaDB 10.0.22 (important)

MariaDB was updated to 10.0.22 to fix security issues and bugs. The following vulnerabilities were fixed in the upstream release: CVE-2015-4802, CVE-2015-4807, CVE-2015-4815, CVE-2015-4826, CVE-2015-4830, CVE-2015-4836, CVE-2015-4858, CVE-2015-4861, CVE-2015-4870, CVE-2015-4913, CVE-2015-4792 A...

CVSS 4 | AI score 1.8 | EPSS 0.2214
Exploits: 6 | References: 1

MSRC
added 2015/11/18 8:0 a.m. | 8 views

BlueHat v15 Announces Schedule and Registration

As we inch closer to the 15th BlueHat Security Conference, we are happy to announce the lineup of speakers and topics for this event. This year will continue with a solid speaker and topic selection that engage engineers, executives, and invited guests to discuss and tackle some of the hardest...

AI score 6.9
Exploits: 0

OPENSUSE Linux
added 2015/11/17 11:10 a.m. | 35 views

Security update for xen (important)

xen was updated to fix 12 security issues. These security issues were fixed: - CVE-2015-7972: Populate-on-demand balloon size inaccuracy can crash guests bsc951845. - CVE-2015-7969: Leak of main per-domain vcpu pointer array DoS bsc950703. - CVE-2015-7969: Leak of per-domain profiling-related vcp...

CVSS 7.5 | AI score 0.8 | EPSS 0.1149
Exploits: 2 | References: 22

Tenable Nessus
added 2015/10/29 12:0 a.m. | 28 views

SUSE SLED12 / SLES12 Security Update : polkit (SUSE-SU-2015:1838-1)

polkit was updated to the 0.113 release, fixing security issues and bugs. Security issues fixed : - Fixes CVE-2015-4625, a local privilege escalation due to predictable authentication session cookie values. Thanks to Tavis Ormandy, Google Project Zero for reporting this issue. For the future,...

CVSS 4.6 | AI score 6.3 | EPSS 0.00133
Exploits: 0 | References: 15

ThreatPost
added 2015/10/14 9:15 a.m. | 10 views

Cesar Cerrudo on Securing Smart Cities

IOActive Labs CTO Cesar Cerrudo talks to Ryan Naraine about major realistic security problems affecting technology implementations of smart cities — from traffic control systems to surveillance cameras and power grids — and warns that the damages from live attacks could be catastrophic. Download:...

AI score 2.7
Exploits: 0 | References: 2

OpenVAS
added 2015/10/06 12:0 a.m. | 19 views

Oracle: Security Advisory (ELSA-2015-0047)

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 7.5 | AI score 9.7 | EPSS 0.01837
Exploits: 0 | References: 2

ThreatPost
added 2015/08/25 10:1 a.m. | 12 views

Github Mitigates DDoS Attack

Code repository Github mitigated a distributed denial-of-service attack, restoring services this morning around 9 a.m. Eastern time. According to a Github status log, connectivity problems began today around 5:30 a.m. with Github declaring it was under a DDoS attack an hour later. A request for...

AI score 1.1
Exploits: 0 | References: 5

Fedora
added 2015/06/30 8:20 p.m. | 21 views

[SECURITY] Fedora 21 Update: gnome-abrt-1.0.0-3.fc21

A GNOME application allows users to browse through detected problems and provides them with a convenient way for managing these problems...

CVSS 7.8 | AI score 3.7 | EPSS 0.05339
Exploits: 4

Tenable Nessus
added 2015/06/12 12:0 a.m. | 42 views

Debian DLA-242-1 : imagemagick security update

This update fixes a large number of potential security problems due to insufficient data validation when parsing different input formats. Most of those potential security problems do not have a CVE number assigned. While the security implications of all of these problems are not all fully known, ...

CVSS 6.5 | AI score 7.5 | EPSS 0.03344
Exploits: 0 | References: 6

n0where
added 2015/06/05 3:50 p.m. | 602 views

General Purpose Fuzzing: Honggfuzz

Honggfuzz is a general-purpose fuzzing tool. Given a starting corpus of test files, Honggfuzz supplies and modifies input to a test program and utilizes the ptrace API / POSIX signal interface to detect and log crashes. Features Easy setup : No complicated configuration files or setup necessary —...

CVSS 6.8 | AI score 9.3 | EPSS 0.0452
Exploits: 5 | References: 6

ThreatPost
added 2015/05/04 2:7 p.m. | 11 views

Google Updates Password Alert Extension, But Some Bypasses Still Work

For the second time in less than a week, Google has updated its Password Alert extension for Chrome to address a method for bypassing the warning screens that alert users that they’re entering data on a non-Google site. However, the researcher who discovered the most-recent bypass method said his...

AI score 0.8
Exploits: 0 | References: 1

ThreatPost
added 2015/01/27 10:25 a.m. | 6 views

Venafi to Launch Certificate Transparency Log

Three weeks after the first non-Google public log for Certificate Transparency was launched by DigiCert, officials at Venafi said that the company plans to debut its own public CT log. On Jan. 1 Google approved the use of DigiCert’s log, the first CT log that is independent and not operated by...

AI score 0.1
Exploits: 0 | References: 3

ArchLinux
added 2015/01/14 12:0 a.m. | 46 views

firefox: multiple issues

CVE-2014-8634 arbitrary remote code execution Christian Holler and Patrick McManus reported memory safety problems and crashes that affect Firefox ESR 31.3 and Firefox 34. - CVE-2014-8635 arbitrary remote code execution Christoph Diehl, Christian Holler, Gary Kwong, Jesse Ruderman, Byron Campen,...

CVSS 7.5 | AI score 1.2 | EPSS 0.83612
Exploits: 4 | References: 10

ArchLinux
added 2015/01/14 12:0 a.m. | 65 views

thunderbird: multiple issues

CVE-2014-8634 arbitrary remote code execution Christian Holler and Patrick McManus reported memory safety problems and crashes that affect Firefox ESR 31.3 and Firefox 34. - CVE-2014-8635 arbitrary remote code execution Christoph Diehl, Christian Holler, Gary Kwong, Jesse Ruderman, Byron Campen,...

CVSS 7.5 | AI score 4.2 | EPSS 0.01837
Exploits: 0 | References: 5

Oracle linux
added 2015/01/13 12:0 a.m. | 42 views

thunderbird security update

31.4.0-1.0.1.el66 - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js 31.4.0-1 - Update to 31.4.0 31.3.0-3 - Fixed problems with dictionaries mozbz1097550...

CVSS 7.5 | AI score 2.5 | EPSS 0.01837
Exploits: 0

Tenable Nessus
added 2014/12/02 12:0 a.m. | 61 views

Fedora 19 : phpMyAdmin-4.2.12-1.fc19 (2014-15535)

phpMyAdmin 4.2.12.0 2014-11-20 ================================ - Blank/white page when JavaScript disabled - Multi row actions cause full page reloads - ReferenceError: targeurl is not defined - Incorrect text/icon display in Tracking report - Recordset return from procedure display nothing - Ed...

CVSS 6.5 | AI score 8.3 | EPSS 0.02772
Exploits: 3 | References: 9

Tenable Nessus
added 2014/11/26 12:0 a.m. | 18 views

OracleVM 2.1 : libxml2 (OVMSA-2009-0018)

The remote OracleVM system is missing necessary patches to address critical security updates : - Add bug347316.patch to backport fix for bug347316 from upstream version - Add libxml2-enterprise.patch and update logos in tarball - Fix a couple of crash CVE-2009-2414, CVE-2009-2416 - Resolves:...

CVSS 10 | AI score 7.3 | EPSS 0.56626
Exploits: 14 | References: 9

Tenable Nessus
added 2014/11/03 12:0 a.m. | 16 views

Fedora 20 : fedup-0.9.0-1.fc20 (2014-14027)

Adds --product=PRODUCT flag, required for upgrades to F21 - Uses host's config files in upgrade.img, which should fix various upgrade problems e.g. incorrect keyboard layout when unlocking disks due to missing vconsole.conf - Logging improvements: complete upgrade log should appear in system...

CVSS 2.1 | AI score 5.4 | EPSS 0.00062
Exploits: 0 | References: 3

ThreatPost
added 2014/10/14 8:13 p.m. | 12 views

New POODLE SSL 3.0 Attack Exploits Protocol Fallback Issue

A new attack on the SSLv3 protocol, disclosed Tuesday, takes advantage of an issue with the protocol that enables a network attacker to recover the plaintext communications of a victim. The attack is considered easier to exploit than similar previous attacks against SSL/TLS, such as BEAST and...

AI score 1.3
Exploits: 0 | References: 6