Security News
Bugtraq: [SECURITY] [DSA 4269-1] postgresql-9.6 security update
[SECURITY] [DSA 4269-1] postgresql-9.6 security update
Bugtraq: [SECURITY] [DSA 4268-1] openjdk-8 security update
[SECURITY] [DSA 4268-1] openjdk-8 security update
Bugtraq: [SECURITY] [DSA 4267-1] kamailio security update
[SECURITY] [DSA 4267-1] kamailio security update
Bugtraq: [CVE-2018-12584] Heap overflow vulnerability in reSIProcate through 1.10.2
[CVE-2018-12584] Heap overflow vulnerability in reSIProcate through 1.10.2
More rss feeds from SecurityFocus
News, Infocus, Columns, Vulnerabilities, Bugtraq ...
AST-2019-008: Re-invite with T.38 and malformed SDP causes crash.
Posted by Asterisk Security Team on Nov 21
Asterisk Project Security Advisory -Product Asterisk
Summary Re-invite with T.38 and malformed SDP causes crash.
Nature of Advisory Remote Crash
Susceptibility Remote Authenticated Sessions
Severity Minor...
AST-2019-007: AMI user could execute system commands.
Posted by Asterisk Security Team on Nov 21
Asterisk Project Security Advisory - AST-2019-007Product Asterisk
Summary AMI user could execute system commands.
Nature of Advisory Remote Code Execution
Susceptibility Remote Authenticated Sessions
Severity Minor...
AST-2019-006: SIP request can change address of a SIP peer.
Posted by Asterisk Security Team on Nov 21
Asterisk Project Security Advisory - AST-2019-006Product Asterisk
Summary SIP request can change address of a SIP peer.
Nature of Advisory Denial of Service
Susceptibility Remote Unauthenticated Sessions
Severity Minor...
[slackware-security] bind (SSA:2019-324-01)
Posted by Slackware Security Team on Nov 21
[slackware-security] bind (SSA:2019-324-01)New bind packages are available for Slackware 14.0, 14.1, 14.2, and -current to
fix a security issue.
Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages/bind-9.11.13-i586-1_slack14.2.txz: Upgraded.
This update fixes a security issue:
Set a limit on the number of concurrently served pipelined TCP queries.
For more information, see:...
[SECURITY] [DSA 4574-1] redmine security update
Posted by Moritz Muehlenhoff on Nov 19
-------------------------------------------------------------------------Debian Security Advisory DSA-4574-1 security () debian org
https://www.debian.org/security/ Moritz Muehlenhoff
November 19, 2019 https://www.debian.org/security/faq
-------------------------------------------------------------------------
Package : redmine
CVE ID : CVE-2019-17427 CVE-2019-18890...
CVE-2019-16758 Lexmark Services Monitor 2.27.4.0.39 Directory Traversal
Posted by Kevin R on Nov 19
# Exploit Title: Lexmark Services Monitor 2.27.4.0.39 - Directory Traversal# Google Dork: N/A
# Date: 2019-11-15
# Exploit Author: Kevin Randall
# Vendor Homepage: https://www.lexmark.com/en_us.html
# Software Link: https://www.lexmark.com/en_us.html
# Version: 2.27.4.0.39 (Latest Version)
# Tested on: Windows Server 2012
# CVE : CVE-2019-16758
Vulnerability: Lexmark Services Monitor (Version 2.27.4.0.39) Runs on
TCP Port 2070. The latest...
Re: A KEYNOTE REVIEW: Bluehat 2019 Alex Stamos
Posted by frank pound on Nov 19
Although not a 0-day buildroot[0] seems to use http to download itstarballs. It would be interesting to see which of the many embedded devices
(like cubesats and rockets??) out there use buildroot or similar systems
akin to buildroot to construct their minimal linux kernel and linux
environments. Firmware updates etc. available as binary downloads might be
constructed with such a build system. I haven't done much research on this
other...
[SECURITY] [DSA 4572-1] slurm-llnl security update
Posted by Moritz Muehlenhoff on Nov 19
-------------------------------------------------------------------------Debian Security Advisory DSA-4572-1 security () debian org
https://www.debian.org/security/ Moritz Muehlenhoff
November 18, 2019 https://www.debian.org/security/faq
-------------------------------------------------------------------------
Package : slurm-llnl
CVE ID : CVE-2019-12838
It was...
[SECURITY] [DSA 4573-1] symfony security update
Posted by Moritz Muehlenhoff on Nov 19
-------------------------------------------------------------------------Debian Security Advisory DSA-4573-1 security () debian org
https://www.debian.org/security/ Moritz Muehlenhoff
November 18, 2019 https://www.debian.org/security/faq
-------------------------------------------------------------------------
Package : symfony
CVE ID : CVE-2019-18887 CVE-2019-18888...
[SECURITY] [DSA 4568-1] postgresql-common security update
Posted by Moritz Muehlenhoff on Nov 18
-------------------------------------------------------------------------Debian Security Advisory DSA-4568-1 security () debian org
https://www.debian.org/security/ Moritz Muehlenhoff
November 14, 2019 https://www.debian.org/security/faq
-------------------------------------------------------------------------
Package : postgresql-common
CVE ID : CVE-2019-3466
Rich...
[SECURITY] [DSA 4569-1] ghostscript security update
Posted by Salvatore Bonaccorso on Nov 18
-------------------------------------------------------------------------Debian Security Advisory DSA-4569-1 security () debian org
https://www.debian.org/security/ Salvatore Bonaccorso
November 14, 2019 https://www.debian.org/security/faq
-------------------------------------------------------------------------
Package : ghostscript
CVE ID : CVE-2019-14869
Manfred Paul...
[slackware-security] Slackware 14.2 kernel (SSA:2019-320-01)
Posted by Slackware Security Team on Nov 18
[slackware-security] Slackware 14.2 kernel (SSA:2019-320-01)New kernel packages are available for Slackware 14.2 to fix security issues.
Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages/linux-4.4.202/*: Upgraded.
CRYPTO_CRC32C_INTEL m -> y
+X86_INTEL_TSX_MODE_AUTO n
+X86_INTEL_TSX_MODE_OFF y
+X86_INTEL_TSX_MODE_ON n
These updates fix various bugs and security issues,...
[SECURITY] [DSA 4570-1] mosquitto security update
Posted by Salvatore Bonaccorso on Nov 18
-------------------------------------------------------------------------Debian Security Advisory DSA-4570-1 security () debian org
https://www.debian.org/security/ Salvatore Bonaccorso
November 17, 2019 https://www.debian.org/security/faq
-------------------------------------------------------------------------
Package : mosquitto
CVE ID : CVE-2019-11779
Debian Bug :...
[SECURITY] [DSA 4571-1] thunderbird security update
Posted by Moritz Muehlenhoff on Nov 18
-------------------------------------------------------------------------Debian Security Advisory DSA-4571-1 security () debian org
https://www.debian.org/security/ Moritz Muehlenhoff
November 17, 2019 https://www.debian.org/security/faq
-------------------------------------------------------------------------
Package : thunderbird
CVE ID : CVE-2019-15903 CVE-2019-11764...
XSSer v.1.8[2] - "The Hiv3!" released
Posted by psy on Nov 17
Hi FD,I am glad to present a new release of this tool:
- https://xsser.03c8.net
---------
"Cross Site "Scripter" (aka XSSer) is an automatic -framework- to
detect, exploit and report XSS vulnerabilities in web-based
applications. It provides several options to try to bypass certain
filters and various special techniques for code injection."
---------
XSSer has pre-installed [ > 1300 XSS ] attacking vectors and can...
