Assorted[chips] Security Vulnerabilities

Linux kernel vulnerabilities

Releases Ubuntu 10.10 Packages linux - Linux kernel Details Dan Rosenberg discovered that IRDA did not correctly check the size of buffers. On non-x86 systems, a local attacker could exploit this to read kernel heap memory, leading to a loss of privacy. (CVE-2010-4529) Dan Rosenburg...

Android NFC Bug Could Be First Of Many

Google is working on a fix for a newly discovered vulnerability affecting Nexus S Android phones that could cause applications on the phone to crash using incorrectly formated Near Field Communications (NFC) transactions. The issue, which will be discussed at an upcoming technical conference on...

Debian DSA-2264-1 : linux-2.6 - privilege escalation/denial of service/information leak

Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leak. The Common Vulnerabilities and Exposures project identifies the following problems : CVE-2010-2524 David Howells reported an issue in the Common...

[SECURITY] [DSA 2264-1] linux-2.6 security update

Debian Security Advisory DSA-2264-1 [email protected] http://www.debian.org/security/ dann frazier June 18, 2011 http://www.debian.org/security/faq Package : linux-2.6 Vulnerability : privilege escalation/denial of...

Ubuntu 10.04 LTS : linux, linux-ec2 vulnerabilities (USN-1141-1)

Brad Spengler discovered that the kernel did not correctly account for userspace memory allocations during exec() calls. A local attacker could exploit this to consume all system memory, leading to a denial of service. (CVE-2010-4243) Alexander Duyck discovered that the Intel Gigabit Ethernet...

Debian DSA-2240-1 : linux-2.6 - privilege escalation/denial of service/information leak

Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or privilege escalation. The Common Vulnerabilities and Exposures project identifies the following problems : CVE-2010-3875 Vasiliy Kulikov discovered an issue in the Linux ...

Linux kernel vulnerabilities

Releases Ubuntu 10.04 Packages linux - Linux kernel linux-ec2 - Linux kernel for EC2 Details Brad Spengler discovered that the kernel did not correctly account for userspace memory allocations during exec() calls. A local attacker could exploit this to consume all system memory, leading to a...

Is Google Wallet Secure? What You Need to Know

Google announced its long-awaited mobile payments platform, Google Wallet, in New York City on Thursday. The company claims it will revolutionize commerce. But with stories about massive data breaches and hacks an almost daily occurance, consumers are most concerned about whether Google Wallet is.....

[SECURITY] [DSA 2240-1] linux-2.6 security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Debian Security Advisory DSA-2240-1 [email protected] http://www.debian.org/security/ dann frazier May 24, 2011 http://www.debian.org/security/faq Package : linux-2.6...

[SECURITY] [DSA 2240-1] linux-2.6 security update

Debian Security Advisory DSA-2240-1 [email protected] http://www.debian.org/security/ dann frazier May 24, 2011 http://www.debian.org/security/faq Package : linux-2.6 Vulnerability : privilege escalation/denial of...

Linux kernel 2.6.39 released - Update Now !

Linux kernel 2.6.39 released - Update Now ! After just 65 days of development, Linus Torvalds has released version 2.6.39 of the Linux kernel. The new release includes support for ipset which simplified firewall configuration and deployment by allowing updatable and quickly searchable external...

SuSE Update for kernel SUSE-SA:2011:020

Check for the Version of...

openSUSE Security Update : kernel (openSUSE-SU-2011:0346-1)

This update of the openSUSE 11.2 kernel fixes lots of security issues. Following security issues were fixed: CVE-2011-1493: In the rose networking stack, when parsing the FAC_NATIONAL_DIGIS facilities field, it was possible for a remote host to provide more digipeaters than expected, resulting in.....

SuSE 11.1 Security Update : Linux kernel (SAT Patch Numbers 4384 / 4386)

The SUSE Linux Enterprise 11 Service Pack 1 kernel was updated to 2.6.32.36 and fixes various bugs and security issues. The following security issues were fixed : When parsing the FAC_NATIONAL_DIGIS facilities field, it was possible for a remote host to provide more digipeaters than...

SuSE 11.1 Security Update : Linux kernel (SAT Patch Number 4376)

The SUSE Linux Enterprise 11 Service Pack 1 kernel was updated to 2.6.32.36 and fixes various bugs and security issues. The following security issues were fixed : When parsing the FAC_NATIONAL_DIGIS facilities field, it was possible for a remote host to provide more digipeaters than...

SuSE Update for kernel SUSE-SA:2011:017

Check for the Version of...

Zynga hacker,Ashley Mitchell jailed for two years !

Zynga hacker,Ashley Mitchell jailed for two years ! British bloke Ashley Mitchell, 29, has been jailed for two years after stealing some 400 billion virtual gaming chips gaming company Zynga. Mitchell hacked his way into Zynga's back-end systems by pinching the identities of two Zynga...

iTunes Users Complain Of Account Hacks

More than six months after reports of wide-scale compromises of accounts at Apple’s popular iTunes online store, there are fresh reports that suggest that the accounts of iTunes users are being used to make fraudulent purchases of music, games and other merchandise. Reports in the Apple forums...

Social gaming Website Zynga Hacked, $12 million worth Poker chips Stolen !

Apparently, one guy managed to hack into social gaming giant Zynga. It transferred 400 billion (!) Poker chips virtual about him and began to sell on the black market. (Yes, apparently, is there a black market for virtual Zynga Poker Chips.) They were worth about $ 12 million. This is how the...

All about Microsoft Windows 8 !

Only Microsoft knows how the abutting adaptation of its Windows operating arrangement will attending and what it will be called, but big changes could be advanced for the OS that assemblage accredit to as "Windows 8." At this year's Consumer Electronics Appearance in Las Vegas, Microsoft appear...

Oracle Linux 5.6 kernel security and bug fix update

[2.6.18-238.el5] - [net] bnx2: remove extra call to pci_map_page (John Feeney) [663509] - [fs] nfs: set lock_context field in nfs_readpage_sync (Jeff Layton) [663853] [2.6.18-237.el5] - [block] fully zeroize request struct in rq_init (Rob Evers) [662154] - [scsi] qla4xxx: update to...

Kinect hackers take control of the action !

Christopher Baker spent Boxing Day as a VJ – video jockey – for a warehouse party in Liverpool. Among the items being used was a Microsoft Kinect controller, normally used to play Xbox 360 games such as Kinectimals or Kinect Sports. But Baker wasn't playing games: the system was rigged up to a...

Windows 8 to run on smartphone chips !

In his keynote speech at the Consumer Electronics Show (CES) in Las Vegas, Microsoft CEO Steve Ballmer revealed that Windows 8, the next version of Microsoft's desktop operating system, will be able to run on much smaller mobile devices like phones. He revealed that Windows 8 will support...

Fei Ye and Ming Zhong (Transmeta, Sun Microsoystems, NEC and Trident Microsystems)

Ye and Zhong were alleged to have obtained trade secrets, including designs for super integrated circuit chips from a variety of Silicon Valley firms through a front company, Supervision, Inc. a/k/a Hangzhou Zhongtian Microsystems Company Ltd. The two posed as legitimate businessmen interested in.....

New Intel Chips Support SMS Kill Switch

HED: New Intel Chips Support SMS Kill Switch DEK: Anti Theft 3 Chips Can be disabled via 3G Networks New computer processors from Intel Corp, due out in 2011, can be disabled using an SMS “poison pill” message sent over any 3G cellular network, according to Intel documentation. The new anti-theft.....

Experts: OpenBSD Backdoor Allegations 'Almost Certainly False'

The incredible allegations that developers working under the auspices of the FBI and Justice Department planted a backdoor in the IPSec stack of the OpenBSD operating system are likely just that, experts say: not credible. “There is no way that the FBI paid anyone to create backdoors in OpenBSD...

Fedora 12 : kernel-2.6.32.16-141.fc12 (2010-10880)

Update to kernel 2.6.32.16: http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.32.16 Additional fixes without associated bug numbers: Fix overscheduling bug causing performance loss on large machines. Add support for sky2 network adapters with Optima chips. Make hdpvr infrared controller...

Researcher Finds Holes Aplenty in Wireless Chips

A new study from Prof. Avishai Wool of Tel Aviv University’s School of Electrical Engineering finds serious security drawbacks in chips that are being embedded in credit, debit and “smart” cards. The vulnerabilities of this electronic approach — and the vulnerability of the private information...

AV Scans Slowing Down Your Machine? Think Again

By Roel Schouwenberg As a technology enthusiast — or geek — I always enjoy looking into new technologies. Although it’s no longer directly cutting edge, I recently started exploring the wonderful world of Solid State Disks (SSDs). SSDs may, to some extent, influence how anti-virus (AV) programs...

Oracle Enterprise Linux 5.5 kernel security and bug fix update

[2.6.18-194.el5] - [net] mlx4: pass attributes down to vlan interfaces (Doug Ledford) [573098] - [block] cfq-iosched: fix sequential read perf regression (Jeff Moyer) [571818] [2.6.18-193.el5] - [fs] gfs2: locking fix for potential dos (Steven Whitehouse) [572390] {CVE-2010-0727} - [acpi]...

Research Finds Crystal Material For Chip Security

Researchers at Florida State University have discovered crystals that could lead to super security chips. The security chips could store encrypted data written two different ways — electrically and magnetically — making extraction of the data more complex and so more difficult for attackers to...

Microsoft DirectX Crafted MJPEG Stream Handling Code Execution (MS08-033; CVE-2008-0011)

Microsoft DirectX is a software component which contains a set of APIs that provide access to graphics acceleration chips and sound cards and other types of media hardware. These APIs control low-level functions including graphics acceleration, support for input devices (such as joysticks,...

Oracle Enterprise Linux 5.4 kernel security and bug fix update

[2.6.18-164.el5] - [misc] information leak in sigaltstack (Vitaly Mayatskikh ) [515396] - [misc] execve: must clear current->clear_child_tid (Oleg Nesterov ) [515429] - [net] igb: set lan id prior to configuring phy (Stefan Assmann ) [508870] - [net] udp: socket NULL ptr dereference (Vitaly...

MDVA-2009:056 : x11-driver-video-intel

The intel driver shipped wtih 2009.0 had problems when sealing with some Intel x4500MHD graphics chips like that found on Sony Vaio FW series laptops. This package includes an upstream fix for this...

Mandriva Update for kernel MDKSA-2007:047 (kernel)

Check for the Version of...

Mandriva Update for kernel MDKSA-2007:047 (kernel)

Check for the Version of...

Ubuntu Update for xorg, xorg-server vulnerabilities USN-403-1

Ubuntu Update for Linux kernel vulnerabilities...

Ubuntu Update for freetype, libxfont, xorg, xorg-server vulnerabilities USN-448-1

Ubuntu Update for Linux kernel vulnerabilities...

Updated kernel packages for Oracle Enterprise Linux 4.7

[2.6.9-78] -alsa: Fix mic not working for HP XW series (Brian Maly) [453783] [2.6.9-77] -alsa: Add missing quirks for alc262 (Brian Maly) [453783] -Revert 'i8042: remove polling timer support - Original bz 246233' (Vivek Goyal) [450918] [2.6.9-76] -tty: fix tty holes (Vivek Goyal) [453155]...

CORE-2008-0124: Multiple vulnerabilities in Google's Android SDK

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Core Security Technologies - CoreLabs Advisory http://www.coresecurity.com/corelabs Multiple vulnerabilities in Google's Android SDK Advisory Information Title: Multiple vulnerabilities in Google's Android SDK Advisory ID: CORE-2008-0124...

Multiple Vulnerabilities in Google's Android

Advisory Information Title: Multiple vulnerabilities in Google's Android SDK Advisory ID: CORE-2008-0124 Advisory URL: https://www.coresecurity.com/core-labs/advisories/advisory-google Date published: 2008-03-04 Date of last update: 2008-03-04 Vendors contacted: Google Release mode: Coordinated...

Core Security Technologies Advisory 2008.0124

...

SuSE 10 Security Update : Intel i810 chips (ZYPP Patch Number 4728)

The drm i915 component in the kernel before 2.6.22.2, when used with i965G and later chips ets, allows local users with access to an X11 session and Direct Rendering Manager (DRM) t o write to arbitrary memory locations and gain privileges via a crafted batchbuffer. This update also provides the...

SuSE 10 Security Update : Linux kernel (ZYPP Patch Number 2399)

This kernel update fixes the following security problems : A bug within the UDF filesystem that caused machine hangs when truncating files on the filesystem was fixed. [#186226]. (CVE-2006-4145) A potential crash when receiving IPX packets was fixed. This problem is thought not to...

Ubuntu 5.10 / 6.06 LTS / 6.10 : freetype, libxfont, xorg, xorg-server vulnerabilities (USN-448-1)

Sean Larsson of iDefense Labs discovered that the MISC-XC extension of Xorg did not correctly verify the size of allocated memory. An authenticated user could send a specially crafted X11 request and execute arbitrary code with root privileges. (CVE-2007-1003) Greg MacManus of iDefense Labs...

Ubuntu 5.10 / 6.06 LTS / 6.10 : xorg, xorg-server vulnerabilities (USN-403-1)

The DBE and Render extensions in X.org were vulnerable to integer overflows, which could lead to memory overwrites. An authenticated user could make a specially crafted request and execute arbitrary code with root privileges. Note that Tenable Network Security has extracted the preceding...

Fedora 7 : kernel-2.6.22.4-65.fc7 (2007-1785)

Update to kernel 2.6.22.2, 2.6.22.3 and 2.6.22.4: http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.22.2 http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.22.3 http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.22.4 Fix failure to find serial ports on some machines. ...

Fedora Core 6 : kernel-2.6.22.4-45.fc6 (2007-679)

Update to linux 2.6.22.3 and 2.6.22.4: http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.22.3 http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.22.4 CVE-2007-3848: Linux kernel 2.4.35 and other versions allows local users to send arbitrary signals to a child process that is running....

Linux Kernel 2.0.x2.2.x2.4.x (FreeBSD 4.x) - Network Device Driver Frame Padding Information Disclosure

Linux Kernel 2.0.x2.2.x2.4.x (FreeBSD 4.x) - Network Device Driver Frame Padding Information...

Linux Kernel 2.0.x/2.2.x/2.4.x (FreeBSD 4.x) - Network Device Driver Frame Padding Information Disclosure

...