Security News
[TZO-05-2020] Kaspersky Generic Malformed Archive Bypass (ZIP Compressed Size)
Posted by Thierry Zoller on Jan 10
[TZO-07-2020] Bitdefender Generic Malformed Archive Bypass (RAR HOST_OS)
Posted by Thierry Zoller on Jan 10
[SECURITY] [DSA 4601-1] ldm security update
Posted by Moritz Muehlenhoff on Jan 10
-------------------------------------------------------------------------Debian Security Advisory DSA-4601-1 security () debian org
https://www.debian.org/security/ Moritz Muehlenhoff
January 09, 2020 https://www.debian.org/security/faq
-------------------------------------------------------------------------
Package : ldm
CVE ID : not yet available
It was discovered...
[SECURITY] [DSA 4600-1] firefox-esr security update
Posted by Moritz Muehlenhoff on Jan 09
-------------------------------------------------------------------------Debian Security Advisory DSA-4600-1 security () debian org
https://www.debian.org/security/ Moritz Muehlenhoff
January 09, 2020 https://www.debian.org/security/faq
-------------------------------------------------------------------------
Package : firefox-esr
CVE ID : CVE-2019-17026 CVE-2019-17024...
[slackware-security] mozilla-firefox (SSA:2020-009-01)
Posted by Slackware Security Team on Jan 09
[slackware-security] mozilla-firefox (SSA:2020-009-01)New mozilla-firefox packages are available for Slackware 14.2 and -current to
fix a security issue.
Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages/mozilla-firefox-68.4.1esr-i686-1_slack14.2.txz: Upgraded.
This release fixes a critial security issue:
Mozilla Foundation Security Advisory 2020-03: Incorrect alias information
in...
[slackware-security] Slackware 14.2 kernel (SSA:2020-008-01)
Posted by Slackware Security Team on Jan 09
[slackware-security] Slackware 14.2 kernel (SSA:2020-008-01)New kernel packages are available for Slackware 14.2 to fix security issues.
Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages/linux-4.4.208/*: Upgraded.
IPV6_MULTIPLE_TABLES n -> y
+IPV6_SUBTREES y
These updates fix various bugs and security issues.
Be sure to upgrade your initrd after upgrading the kernel packages....
[SECURITY] [DSA 4598-1] python-django security update
Posted by Salvatore Bonaccorso on Jan 08
-------------------------------------------------------------------------Debian Security Advisory DSA-4598-1 security () debian org
https://www.debian.org/security/ Salvatore Bonaccorso
January 07, 2020 https://www.debian.org/security/faq
-------------------------------------------------------------------------
Package : python-django
CVE ID : CVE-2019-19844
Debian Bug...
[SECURITY] [DSA 4599-1] wordpress security update
Posted by Sebastien Delafond on Jan 08
-------------------------------------------------------------------------Debian Security Advisory DSA-4599-1 security () debian org
https://www.debian.org/security/ Sebastien Delafond
January 08, 2020 https://www.debian.org/security/faq
-------------------------------------------------------------------------
Package : wordpress
CVE ID : CVE-2019-16217 CVE-2019-16218...
[slackware-security] mozilla-firefox (SSA:2020-006-01)
Posted by Slackware Security Team on Jan 06
[slackware-security] mozilla-firefox (SSA:2020-006-01)New mozilla-firefox packages are available for Slackware 14.2 and -current to
fix security issues.
Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages/mozilla-firefox-68.4.0esr-i686-1_slack14.2.txz: Upgraded.
This release contains security fixes and improvements.
For more information, see:...
[SECURITY] [DSA 4597-1] netty security update
Posted by Salvatore Bonaccorso on Jan 05
-------------------------------------------------------------------------Debian Security Advisory DSA-4597-1 security () debian org
https://www.debian.org/security/ Salvatore Bonaccorso
January 03, 2020 https://www.debian.org/security/faq
-------------------------------------------------------------------------
Package : netty
CVE ID : CVE-2019-16869
Debian Bug :...
[TZO-04-2020] Bitdefender Generic Malformed Archive Bypass (BZ2)
Posted by Thierry Zoller on Jan 05
[RT-SA-2019-015] IceWarp: Cross-Site Scripting in Notes for Contacts
Posted by RedTeam Pentesting GmbH on Jan 02
Advisory: IceWarp: Cross-Site Scripting in Notes for ContactsDuring a penetration test, RedTeam Pentesting discovered that the
IceWarp WebMail Server is prone to user-assisted cross-site scripting
attacks in its contact module. If IceWarp users import a manipulated
vcard, for example from an email, attackers can run arbitrary JavaScript
code in the users' browsers.
Details
=======
Product: IceWarp WebMail Server
Affected Versions:...
[TZO-01-2020] AVIRA Generic Malformed Container bypass (ISO)
Posted by Thierry Zoller on Jan 02
[TZO-02-2020] Kaspersyk Generic Malformed Archive Bypass (ZIP GFlag)
Posted by Thierry Zoller on Jan 02
[TZO-03-2020] ESET Generic Malformed Archive Bypass (ZIP Compression Information)
Posted by Thierry Zoller on Jan 02
[RT-SA-2019-016] IceWarp: Cross-Site Scripting in Notes
Posted by RedTeam Pentesting GmbH on Jan 02
Advisory: IceWarp: Cross-Site Scripting in NotesDuring a penetration test, RedTeam Pentesting discovered that the
IceWarp WebMail Server is prone to cross-site scripting attacks in notes
for objects. If attackers with access to the IceWarp system provide a
manipulated object that is displayed by users, they can run arbitrary
JavaScript code in the users' browsers.
Details
=======
Product: IceWarp WebMail Server
Affected Versions: IceWarp...
Microsoft Windows .Group File / URL Field Code Execution
Posted by apparitionsec on Dec 31
[+] Credits: John Page (aka hyp3rlinx)[+] Website: hyp3rlinx.altervista.org
[+] Source: http://hyp3rlinx.altervista.org/advisories/MICROSOFT-WINDOWS-.GROUP-FILE-URL-FIELD-CODE-EXECUTION.txt
[+] twitter.com/hyp3rlinx
[+] apparitionsec@gmail
[+] ISR: Apparition Security
[Vendor]
www.microsoft.com
[Product]
Windows ".Group" File Type
Gorup files are a collection of contacts created by Windows Contacts, an embedded contact...
