1253 matches found

Fedora
added 2018/03/20 6:25 p.m., 34 views

[SECURITY] Fedora 27 Update: golang-1.9.4-2.fc27

The Go Programming Language...

CVSS 9.3 | AI score 1.8 | EPSS 0.63229 | Exploits: 1

Fedora
added 2018/02/27 4:57 p.m., 24 views

[SECURITY] Fedora 26 Update: golang-1.8.7-1.fc26

The Go Programming Language...

CVSS 7.8 | AI score 1.8 | EPSS 0.07705 | Exploits: 4

CVE
added 2018/02/16 5:0 p.m., 648 views

CVE-2017-18190

CVE-2017-18190 affects the CUPS printing system. Connected sources confirm a vulnerability where a localhost.localdomain whitelist entry in valid_host() (scheduler/client.c) in CUPS before 2.2.2 allows remote attackers to execute arbitrary IPP commands by sending POST requests to the CUPS daemon ...

CVSS 7.5 | AI score 7.8 | EPSS 0.02979 | Exploits: 1 | References: 5 | Affected Software: 1

Kitploit
added 2018/01/27 1:22 p.m., 22 views

SQLmap Tamper-API - SQLMap Tamper API To Accept Tamper Scripts From All Languages

It's an API for SQLmap tamper scripts that allows you to use your favorite programming language to write your tamper scripts. This API solves the SQLmap limitation of accepting only Python for writing tamper scripts. How it works: the taper-api.py script sends the payload and kwargs in a JSON format "payload": ""...

AI score 7.2 | Exploits: 0 | References: 1

n0where
added 2017/12/21 12:52 a.m., 26 views

Cross-Platform Post-Exploitation HTTP/2 Command & Control Server: Merlin

Merlin is a cross-platform post-exploitation framework that leverages HTTP/2 communications to evade inspection. HTTP/2 is a relatively new protocol that requires Perfect Forward Secrecy (PFS) encryption cipher suites to be used. The use of these cipher suites makes it incredibly difficult to capture...

AI score 0.4 | Exploits: 0 | References: 3

OSV
added 2017/12/20 12:0 a.m., 0 views

UBUNTU-CVE-2017-17790

The lazy_initialize function in lib/resolv.rb in Ruby through 2.4.3 uses Kernel#open, which might allow Command Injection attacks, as demonstrated by a Resolv::Hosts::new argument beginning with a '|' character, a different vulnerability than CVE-2017-17405. NOTE: situations with untrusted input ma...

CVSS 9.8 | AI score 6.7 | EPSS 0.05913 | Exploits: 1 | References: 4

RedHat Linux
added 2017/12/14 11:34 a.m., 39 views

Moderate: Red Hat Security Advisory: go-toolset-7 and go-toolset-7-golang security and bug fix update

An update for go-toolset-7 and go-toolset-7-golang is now available for Red Hat Developer Tools. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for...

CVSS 9.8 | AI score 7 | EPSS 0.08944 | Exploits: 0 | References: 3

Fedora
added 2017/12/12 2:40 p.m., 46 views

[SECURITY] Fedora 25 Update: rubygem-yard-0.8.7.6-4.fc25

YARD is a documentation generation tool for the Ruby programming language. It enables the user to generate consistent, usable documentation that can be exported to a number of formats very easily, and also supports extending for custom Ruby constructs such as custom class level definitions...

CVSS 7.5 | AI score 0.8 | EPSS 0.02894 | Exploits: 0

Fedora
added 2017/12/12 1:46 p.m., 34 views

[SECURITY] Fedora 26 Update: erlang-19.3.6.4-1.fc26

Erlang is a general-purpose programming language and runtime environment. Erlang has built-in support for concurrency, distribution and fault tolerance. Erlang is used in several large telecommunication systems from Ericsson...

CVSS 5.9 | AI score 2.3 | EPSS 0.22098 | Exploits: 0

Fedora
added 2017/12/12 11:30 a.m., 30 views

[SECURITY] Fedora 27 Update: rubygem-yard-0.9.8-4.fc27

YARD is a documentation generation tool for the Ruby programming language. It enables the user to generate consistent, usable documentation that can be exported to a number of formats very easily, and also supports extending for custom Ruby constructs such as custom class level definitions...

CVSS 7.5 | AI score 0.8 | EPSS 0.02894 | Exploits: 0

seebug.org
added 2017/11/29 12:0 a.m., 42 views

libxls xls_appendSST Code Execution Vulnerability (CVE-2017-12110)

Summary: An exploitable integer overflow vulnerability exists in the xls_appendSST function of libxls 1.4. A specially crafted XLS file can cause memory corruption resulting in remote code execution. An attacker can send a malicious XLS file to trigger this vulnerability. Tested Versions: libxls 1.4...

CVSS 6.8 | AI score 0.2 | EPSS 0.02097 | Exploits: 1

Talos
added 2017/11/15 12:0 a.m., 48 views

libxls xls_mergedCells Code Execution Vulnerability

Summary: An exploitable out-of-bounds write vulnerability exists in the xls_mergedCells function of libxls 1.4. A specially crafted XLS file can cause memory corruption resulting in remote code execution. An attacker can send a malicious XLS file to trigger this vulnerability. Tested Versions: libxl...

CVSS 8.8 | AI score 8.1 | EPSS 0.02052 | Exploits: 1

Fedora
added 2017/10/19 7:21 p.m., 33 views

[SECURITY] Fedora 25 Update: golang-1.7.6-3.fc25

The Go Programming Language...

CVSS 9.8 | AI score 1.8 | EPSS 0.08944 | Exploits: 0

CNVD
added 2017/10/17 12:0 a.m., 2 views

Google Golang Go Information Disclosure Vulnerability

Google Golang Go is a programming language optimized for programming applications on multiprocessor systems by Google. An information disclosure vulnerability exists in Google Golang Go versions prior to 1.8.4 and 1.9.x versions prior to 1.9.1. An attacker can exploit this vulnerability to conduc...

CVSS 5.9 | AI score 5.5 | EPSS 0.01105 | Exploits: 0 | References: 1

Fedora
added 2017/10/11 2:48 p.m., 41 views

[SECURITY] Fedora 27 Update: golang-1.9.1-1.fc27

The Go Programming Language...

CVSS 9.8 | AI score 1.8 | EPSS 0.08944 | Exploits: 0

Tenable Nessus
added 2017/10/09 12:0 a.m., 33 views

Debian DLA-1123-1 : golang security update

It was discovered that there was an issue in the Go programming language library where an attacker could generate a MIME request such that the server ran out of file descriptors. For Debian 7 'Wheezy', this issue has been fixed in golang version 2:1.0.2-1.1+deb7u1. We recommend that you upgrade...

CVSS 7.5 | AI score 6.2 | EPSS 0.02078 | Exploits: 0 | References: 3

OSV
added 2017/10/05 9:29 p.m., 4 views

AZL-79072 CVE-2017-15042 affecting package golang 1.25.7-1

An unintended cleartext issue exists in Go before 1.8.4 and 1.9.x before 1.9.1. RFC 4954 requires that, during SMTP, the PLAIN auth scheme must only be used on network connections secured with TLS. The original implementation of smtp.PlainAuth in Go 1.0 enforced this requirement, and it was...

CVSS 5.9 | AI score 6.5 | EPSS 0.01105 | Exploits: 0 | References: 1

OSV
added 2017/10/05 9:29 p.m., 28 views

CVE-2017-15041

Go before 1.8.4 and 1.9.x before 1.9.1 allows "go get" remote command execution. Using custom domains, it is possible to arrange things so that example.com/pkg1 points to a Subversion repository but example.com/pkg1/pkg2 points to a Git repository. If the Subversion repository includes a Git...

CVSS 9.8 | AI score 6.9 | Exploits: 0 | References: 10

Fedora
added 2017/10/02 4:23 p.m., 32 views

[SECURITY] Fedora 26 Update: perl-5.24.3-395.fc26

Perl is a high-level programming language with roots in C, sed, awk and shell scripting. Perl is good at handling processes and files, and is especially good at handling text. Perl's hallmarks are practicality and efficiency. While it is used to do a lot of different things, Perl's most common...

CVSS 9.1 | AI score 0.3 | EPSS 0.06207 | Exploits: 0

Fedora
added 2017/10/02 2:27 p.m., 29 views

[SECURITY] Fedora 27 Update: perl-5.26.1-401.fc27

Perl is a high-level programming language with roots in C, sed, awk and shell scripting. Perl is good at handling processes and files, and is especially good at handling text. Perl's hallmarks are practicality and efficiency. While it is used to do a lot of different things, Perl's most common...

CVSS 9.1 | AI score 0.8 | EPSS 0.06207 | Exploits: 0