krb5 -- requires_preauth bypass in PKINIT-enabled KDC

MIT reports: In MIT krb5 1.12 and later, when the KDC is configured with PKINIT support, an unauthenticated remote attacker can bypass the requirespreauth flag on a client principal and obtain a ciphertext encrypted in the principal's long-term key. This ciphertext could be used to conduct an...

zenphoto -- multiple vulnerabilities

zenphoto reports: Fixes several SQL Injection, XSS and path traversal security issues...

django -- Fixed session flushing in the cached_db backend

The Django project reports: A change to session.flush in the cacheddb session backend in Django 1.8 mistakenly sets the session key to an empty string rather than None. An empty string is treated as a valid session key and the session cookie is set accordingly. Any users with an empty string in...

chromium -- multiple vulnerabilities

Google Chrome Releases reports: 37 security fixes in this release, including: 474029 High CVE-2015-1252: Sandbox escape in Chrome. Credit to anonymous. 464552 High CVE-2015-1253: Cross-origin bypass in DOM. Credit to anonymous. 444927 High CVE-2015-1254: Cross-origin bypass in Editing. Credit to...

ipsec-tools -- Memory leak leading to denial of service

Javantea reports: It is a null dereference crash, leading to denial of service against the IKE daemon...

avidemux26 -- multiple vulnerabilities in bundled FFmpeg

The Mageia project reports: Avidemux is built with a bundled set of FFmpeg libraries. The bundled FFmpeg version has been updated from 1.2.10 to 1.2.12 to fix these security issues and other bugs fixed upstream in FFmpeg...

dnsmasq -- remotely exploitable buffer overflow in release candidate

Simon Kelley reports: Anyone running 2.73rc6 or 2.73rc7 should be aware that there's a remotely exploitable buffer overflow in those trees. I just tagged 2.73rc8, which includes the fix. Corrections from second URL...

strongswan -- Denial-of-service and potential remote code execution vulnerability

StrongSwan Project reports A denial-of-service and potential remote code execution vulnerability triggered by crafted IKE messages was discovered in strongSwan. Versions 5.2.2 and 5.3.0 are affected...

php -- multiple vulnerabilities

PHP development team reports: Fixed bug 69364 PHP Multipart/form-data remote DoS Vulnerability. CVE-2015-4024 Fixed bug 69418 CVE-2006-7243 fix regressions in 5.4+. CVE-2015-4025 Fixed bug 69545 Integer overflow in ftpgenlist resulting in heap overflow. CVE-2015-4022 Fixed bug 68598 pcntlexec...

rubygems -- request hijacking vulnerability

Jonathan Claudius reports: RubyGems provides the ability of a domain to direct clients to a separate host that is used to fetch gems and make API calls against. This mechanism is implemented via DNS, specifically a SRV record rubygems.tcp under the original requested domain. RubyGems did not...

Pligg CMS -- XSS Vulnerability

Netsparker reports: Proof of Concept URL for XSS in Pligg CMS: Page: groups.php Parameter Name: keyword Parameter Type: GET Attack Pattern: http://example.com/pligg-cms-2.0.2/groups.php?view=search&keyword='+alert0x000D82+' For more information on cross-site scripting vulnerabilities read the...

phpMyAdmin -- XSRF and man-in-the-middle vulnerabilities

The phpMyAdmin development team reports: XSRF/CSRF vulnerability in phpMyAdmin setup. By deceiving a user to click on a crafted URL, it is possible to alter the configuration file being generated with phpMyAdmin setup. This vulnerability only affects the configuration file generation process and...

mozilla -- multiple vulnerabilities

The Mozilla Project reports: MFSA-2015-46 Miscellaneous memory safety hazards rv:38.0 / rv:31.7 MFSA-2015-47 Buffer overflow parsing H.264 video with Linux Gstreamer MFSA-2015-48 Buffer overflow with SVG content and CSS MFSA-2015-49 Referrer policy ignored when links opened by middle-click and...

tomcat -- multiple vulnerabilities

Apache Software Foundation reports: Low: Denial of Service CVE-2014-0230 When a response for a request with a request body is returned to the user agent before the request body is fully read, by default Tomcat swallows the remaining request body so that the next request on the connection may be...

wireshark -- multiple vulnerabilities

Wireshark development team reports: The following vulnerabilities have been fixed. wnpa-sec-2015-12 The LBMR dissector could go into an infinite loop. Bug 11036 CVE-2015-3808, CVE-2015-3809 wnpa-sec-2015-13 The WebSocket dissector could recurse excessively. Bug 10989 CVE-2015-3810 wnpa-sec-2015-1...

Adobe Flash Player -- critical vulnerabilities

Adobe reports: Adobe has released security updates for Adobe Flash Player for Windows, Macintosh and Linux. These updates address vulnerabilities that could potentially allow an attacker to take control of the affected system. Adobe recommends users update their product installations to the lates...

proxychains-ng -- current path as the first directory for the library search path

Mamoru TASAKA reports: proxychains4 sets LDPRELOAD to dlopen libproxychains4.so and execvp the arbitrary command user has specified. proxychains4 sets the current directory as the first path to search libproxychains4.so...

py-salt -- potential shell injection vulnerabilities

Colton Myers reports: In order to fix potential shell injection vulnerabilities in salt modules, a change has been made to the various cmd module functions. These functions now default to pythonshell=False, which means that the commands will not be sent to an actual shell. The largest side effect...

wordpress -- 2 cross-site scripting vulnerabilities

Samuel Sidler reports: The Genericons icon font package, which is used in a number of popular themes and plugins, contained an HTML file vulnerable to a cross-site scripting attack. All affected themes and plugins hosted on WordPress.org including the Twenty Fifteen default theme have been update...

suricata -- TLS/DER Parser Bug (DoS)

OISF Development Team reports: The OISF development team is pleased to announce Suricata 2.0.8. This release fixes a number of issues in the 2.0 series. The most important issue is a bug in the DER parser which is used to decode SSL/TLS certificates could crash Suricata. This issue was reported b...

hostapd and wpa_supplicant -- multiple vulnerabilities

Jouni Malinen reports: WPS UPnP vulnerability with HTTP chunked transfer encoding. 2015-2 - CVE-2015-4141 Integer underflow in AP mode WMM Action frame processing. 2015-3 - CVE-2015-4142 EAP-pwd missing payload length validation. 2015-4 - CVE-2015-4143, CVE-2015-4144, CVE-2015-4145, CVE-2015-4146...

squid -- client-first SSL-bump does not correctly validate X509 server certificate

Squid security advisory 2015:1 reports: Squid configured with client-first SSL-bump does not correctly validate X509 server certificate domain / hostname fields. The bug is important because it allows remote servers to bypass client certificate validation. Some attackers may also be able to use...

testdisk -- buffer overflow with malicious disk image

CGSecurity TestDisk Changelog reports: Various fix including security fix, thanks to: Coverity scan Static Analysis of source code afl-fuzz security-oriented fuzzer. Denis Andzakovic from Security Assessment for reporting an exploitable Stack Buffer Overflow. Denis Andzakovic reports: A buffer...

libssh -- null pointer dereference

Andreas Schneider reports: libssh versions 0.5.1 and above have a logical error in the handling of a SSHMSGNEWKEYS and SSHMSGKEXDHREPLY package. A detected error did not set the session into the error state correctly and further processed the packet which leads to a null pointer dereference. This...

cURL -- sensitive HTTP server headers also sent to proxies

cURL reports: libcurl provides applications a way to set custom HTTP headers to be sent to the server by using CURLOPTHTTPHEADER. A similar option is available for the curl command-line tool with the '--header' option. When the connection passes through an HTTP proxy the same set of headers is se...

qemu, xen and VirtualBox OSE -- possible VM escape and code execution ("VENOM")

Jason Geffner, CrowdStrike Senior Security Researcher reports: VENOM, CVE-2015-3456, is a security vulnerability in the virtual floppy drive code used by many computer virtualization platforms. This vulnerability may allow an attacker to escape from the confines of an affected virtual machine VM...

clamav -- multiple vulnerabilities

ClamAV project reports: ClamAV 0.98.7 is here! This release contains new scanning features and bug fixes. Fix infinite loop condition on crafted y0da cryptor file. Identified and patch suggested by Sebastian Andrzej Siewior. CVE-2015-2221. Fix crash on crafted petite packed file. Reported and pat...

pcre -- multiple vulnerabilities

PCRE development team reports: A pattern such as "?20,1999?", which has a group containing a forward reference repeated a large but limited number of times within a repeated outer group that has a zero minimum quantifier, caused incorrect code to be compiled, leading to the error "internal error:...

chromium -- multiple vulnerabilities

Google Chrome Releases reports: 5 security fixes in this release, including: 453279 High CVE-2015-1243: Use-after-free in DOM. Credit to Saif El-Sherei. 481777 CVE-2015-1250: Various fixes from internal audits, fuzzing and other initiatives...

wordpress -- cross-site scripting vulnerability

Gary Pendergast reports: WordPress 4.2.1 is now available. This is a critical security release for all previous versions and we strongly encourage you to update your sites immediately. A few hours ago, the WordPress team was made aware of a cross-site scripting vulnerability, which could enable...

elasticsearch -- directory traversal attack with site plugins

Elastic reports: Vulnerability Summary: All Elasticsearch versions prior to 1.5.2 and 1.4.5 are vulnerable to a directory traversal attack that allows an attacker to retrieve files from the server running Elasticsearch when one or more site plugins are installed, or when Windows is the server OS...

Vulnerability in HWP document filter

US-CERT/NIST reports: The HWP filter in LibreOffice before 4.3.7 and 4.4.x before 4.4.2 and Apache OpenOffice before 4.1.2 allows remote attackers to cause a denial of service crash or possibly execute arbitrary code via a crafted HWP document, which triggers an out-of-bounds write...

gnutls -- MD5 downgrade in TLS signatures

Karthikeyan Bhargavan reports: GnuTLS does not by default support MD5 signatures. Indeed the RSA-MD5 signature-hash algorithm needs to be explicitly enabled using the priority option VERIFYALLOWSIGNRSAMD5. In the NORMAL and SECURE profiles, GnuTLS clients do not offer RSA-MD5 in the signature...

dcraw -- integer overflow condition

ocert reports: The dcraw tool, as well as several other projects re-using its code, suffers from an integer overflow condition which lead to a buffer overflow. The vulnerability concerns the 'len' variable, parsed without validation from opened images, used in the ljpegstart function. A malicious...

Quassel IRC -- SQL injection vulnerability

Quassel IRC developers report: Restarting a PostgreSQL database while Quassel Core is running would not properly re-initialize the database session inside Quassel, bringing back an old security issue CVE-2013-4422...

powerdns -- Label decompression bug can cause crashes or CPU spikes

The PowerDNS project reports: A bug was discovered in our label decompression code, making it possible for names to refer to themselves, thus causing a loop during decompression. On some platforms, this bug can be abused to cause crashes. On all platforms, this bug can be abused to cause...

wpa_supplicant -- P2P SSID processing vulnerability

Jouni Malinen reports: A vulnerability was found in how wpasupplicant uses SSID information parsed from management frames that create or update P2P peer entries e.g., Probe Response frame or number of P2P Public Action frames. SSID field has valid length range of 0-32 octets. However, it is...

cURL -- multiple vulnerabilities

cURL reports: libcurl keeps a pool of its last few connections around after use to facilitate easy, convenient, and completely transparent connection re-use for applications. When doing HTTP requests NTLM authenticated, the entire connection becomes authenticated and not just the specific HTTP...

wordpress -- multiple vulnerabilities

Gary Pendergast reports: WordPress 4.1.2 is now available. This is a critical security release for all previous versions and we strongly encourage you to update your sites immediately. WordPress versions 4.1.1 and earlier are affected by a critical cross-site scripting vulnerability, which could...

xen-kernel -- Information leak through XEN_DOMCTL_gettscinfo

The Xen Project reports: The handler for XENDOMCTLgettscinfo failed to initialize a padding field subsequently copied to guest memory. A similar leak existed in XENSYSCTLgetdomaininfolist, which is being addressed here regardless of that operation being declared unsafe for disaggregation by XSA-7...

mozilla -- use-after-free

The Mozilla Project reports: MFSA 2015-45 Memory corruption during failed plugin initialization...

Several vulnerabilities found in PHP

The PHP project reports: The PHP development team announces the immediate availability of PHP 5.4.40. 14 security-related bugs were fixed in this release, including CVE-2014-9709, CVE-2015-2301, CVE-2015-2783, CVE-2015-1352. All PHP 5.4 users are encouraged to upgrade to this version. The PHP...

inspircd -- DoS

Inspircd reports: This release fixes the issues discovered since 2.0.18, containing multiple important stability and correctness related improvements, including a fix for a bug which allowed malformed DNS records to cause netsplits on a network...

codeigniter -- multiple vulnerabilities

The CodeIgniter changelog reports: Security: Added HTTP "Host" header character validation to prevent cache poisoning attacks when baseurl auto-detection is used. Security: Added FSCommand and seekSegmentTime to the "evil attributes" list in CISecurity::xssclean...

proftpd -- arbitrary code execution vulnerability with chroot

ProFTPd development team reports: Vadim Melihow reported a critical issue with proftpd installations that use the modcopy module's SITE CPFR/SITE CPTO commands; modcopy allows these commands to be used by unauthenticated clients...

chromium -- multiple vulnerabilities

Google Chrome Releases reports: 45 new security fixes, including: 456518 High CVE-2015-1235: Cross-origin-bypass in HTML parser. Credit to anonymous. 313939 Medium CVE-2015-1236: Cross-origin-bypass in Blink. Credit to Amitay Dobo. 461191 High CVE-2015-1237: Use-after-free in IPC. Credit to Khali...

Adobe Flash Player -- critical vulnerabilities

Adobe reports: Adobe has released security updates for Adobe Flash Player for Windows, Macintosh and Linux. These updates address vulnerabilities that could potentially allow an attacker to take control of the affected system. Adobe is aware of a report that an exploit for CVE-2015-3043 exists in...

libxml2 -- Enforce the reader to run in constant memory

Daniel Veilland reports: Enforce the reader to run in constant memory. One of the operation on the reader could resolve entities leading to the classic expansion issue. Make sure the buffer used for xmlreader operation is bounded. Introduce a new allocation type for the buffers for this effect...

sqlite -- multiple vulnerabilities

NVD reports: SQLite before 3.8.9 does not properly implement the dequoting of collation-sequence names, which allows context-dependent attackers to cause a denial of service uninitialized memory access and application crash or possibly have unspecified other impact via a crafted COLLATE clause, a...

Ruby -- OpenSSL Hostname Verification Vulnerability

Ruby Developers report: After reviewing RFC 6125 and RFC 5280, we found multiple violations of matching hostnames and particularly wildcard certificates. Ruby’s OpenSSL extension will now provide a string-based matching algorithm which follows more strict behavior, as recommended by these RFCs. I...