Security News

[SECURITY] [DSA 4600-1] firefox-esr security update

Bug Traq - 9 January, 2020 - 06:21

Posted by Moritz Muehlenhoff on Jan 09

-------------------------------------------------------------------------
Debian Security Advisory DSA-4600-1 security () debian org
https://www.debian.org/security/ Moritz Muehlenhoff
January 09, 2020 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : firefox-esr
CVE ID : CVE-2019-17026 CVE-2019-17024...

[slackware-security] mozilla-firefox (SSA:2020-009-01)

Bug Traq - 9 January, 2020 - 06:17

Posted by Slackware Security Team on Jan 09

[slackware-security] mozilla-firefox (SSA:2020-009-01)

New mozilla-firefox packages are available for Slackware 14.2 and -current to
fix a security issue.

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages/mozilla-firefox-68.4.1esr-i686-1_slack14.2.txz: Upgraded.
This release fixes a critical security issue:
Mozilla Foundation Security Advisory 2020-03: Incorrect alias information
in...

[slackware-security] Slackware 14.2 kernel (SSA:2020-008-01)

Bug Traq - 9 January, 2020 - 04:15

Posted by Slackware Security Team on Jan 09

[slackware-security] Slackware 14.2 kernel (SSA:2020-008-01)

New kernel packages are available for Slackware 14.2 to fix security issues.

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages/linux-4.4.208/*: Upgraded.
IPV6_MULTIPLE_TABLES n -> y
+IPV6_SUBTREES y
These updates fix various bugs and security issues.
Be sure to upgrade your initrd after upgrading the kernel packages....

[SECURITY] [DSA 4598-1] python-django security update

Bug Traq - 8 January, 2020 - 05:02

Posted by Salvatore Bonaccorso on Jan 08

-------------------------------------------------------------------------
Debian Security Advisory DSA-4598-1 security () debian org
https://www.debian.org/security/ Salvatore Bonaccorso
January 07, 2020 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : python-django
CVE ID : CVE-2019-19844
Debian Bug...

[SECURITY] [DSA 4599-1] wordpress security update

Bug Traq - 8 January, 2020 - 04:58

Posted by Sebastien Delafond on Jan 08

-------------------------------------------------------------------------
Debian Security Advisory DSA-4599-1 security () debian org
https://www.debian.org/security/ Sebastien Delafond
January 08, 2020 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : wordpress
CVE ID : CVE-2019-16217 CVE-2019-16218...

[slackware-security] mozilla-firefox (SSA:2020-006-01)

Bug Traq - 7 January, 2020 - 02:21

Posted by Slackware Security Team on Jan 06

[slackware-security] mozilla-firefox (SSA:2020-006-01)

New mozilla-firefox packages are available for Slackware 14.2 and -current to
fix security issues.

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages/mozilla-firefox-68.4.0esr-i686-1_slack14.2.txz: Upgraded.
This release contains security fixes and improvements.
For more information, see:...

[SECURITY] [DSA 4597-1] netty security update

Bug Traq - 6 January, 2020 - 01:57

Posted by Salvatore Bonaccorso on Jan 05

-------------------------------------------------------------------------
Debian Security Advisory DSA-4597-1 security () debian org
https://www.debian.org/security/ Salvatore Bonaccorso
January 03, 2020 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : netty
CVE ID : CVE-2019-16869
Debian Bug :...

[TZO-04-2020] Bitdefender Generic Malformed Archive Bypass (BZ2)

Bug Traq - 6 January, 2020 - 01:53

Posted by Thierry Zoller on Jan 05


[RT-SA-2019-015] IceWarp: Cross-Site Scripting in Notes for Contacts

Bug Traq - 2 January, 2020 - 11:35

Posted by RedTeam Pentesting GmbH on Jan 02

Advisory: IceWarp: Cross-Site Scripting in Notes for Contacts

During a penetration test, RedTeam Pentesting discovered that the
IceWarp WebMail Server is prone to user-assisted cross-site scripting
attacks in its contact module. If IceWarp users import a manipulated
vcard, for example from an email, attackers can run arbitrary JavaScript
code in the users' browsers.

Details
=======

Product: IceWarp WebMail Server
Affected Versions:...

[TZO-01-2020] AVIRA Generic Malformed Container bypass (ISO)

Bug Traq - 2 January, 2020 - 11:33

Posted by Thierry Zoller on Jan 02


[TZO-02-2020] Kaspersky Generic Malformed Archive Bypass (ZIP GFlag)

Bug Traq - 2 January, 2020 - 11:30

Posted by Thierry Zoller on Jan 02


[TZO-03-2020] ESET Generic Malformed Archive Bypass (ZIP Compression Information)

Bug Traq - 2 January, 2020 - 11:27

Posted by Thierry Zoller on Jan 02


[RT-SA-2019-016] IceWarp: Cross-Site Scripting in Notes

Bug Traq - 2 January, 2020 - 11:23

Posted by RedTeam Pentesting GmbH on Jan 02

Advisory: IceWarp: Cross-Site Scripting in Notes

During a penetration test, RedTeam Pentesting discovered that the
IceWarp WebMail Server is prone to cross-site scripting attacks in notes
for objects. If attackers with access to the IceWarp system provide a
manipulated object that is displayed by users, they can run arbitrary
JavaScript code in the users' browsers.

Details
=======

Product: IceWarp WebMail Server
Affected Versions: IceWarp...

Microsoft Windows .Group File / URL Field Code Execution

Bug Traq - 1 January, 2020 - 02:45

Posted by apparitionsec on Dec 31

[+] Credits: John Page (aka hyp3rlinx)
[+] Website: hyp3rlinx.altervista.org
[+] Source: http://hyp3rlinx.altervista.org/advisories/MICROSOFT-WINDOWS-.GROUP-FILE-URL-FIELD-CODE-EXECUTION.txt
[+] twitter.com/hyp3rlinx
[+] apparitionsec@gmail
[+] ISR: Apparition Security

[Vendor]
www.microsoft.com

[Product]
Windows ".Group" File Type

Group files are a collection of contacts created by Windows Contacts, an embedded contact...