SOLDIERX.COM Nobody Can Stop Information Insemination

Posted by Slackware Security Team on Jan 09

[slackware-security] Slackware 14.2 kernel (SSA:2020-008-01)

New kernel packages are available for Slackware 14.2 to fix security issues.

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages/linux-4.4.208/*: Upgraded.
IPV6_MULTIPLE_TABLES n -> y
+IPV6_SUBTREES y
These updates fix various bugs and security issues.
Be sure to upgrade your initrd after upgrading the kernel packages....

Posted by Salvatore Bonaccorso on Jan 08

-------------------------------------------------------------------------
Debian Security Advisory DSA-4598-1 security () debian org
https://www.debian.org/security/ Salvatore Bonaccorso
January 07, 2020 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : python-django
CVE ID : CVE-2019-19844
Debian Bug...

Posted by Sebastien Delafond on Jan 08

-------------------------------------------------------------------------
Debian Security Advisory DSA-4599-1 security () debian org
https://www.debian.org/security/ Sebastien Delafond
January 08, 2020 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : wordpress
CVE ID : CVE-2019-16217 CVE-2019-16218...

Posted by Slackware Security Team on Jan 06

[slackware-security] mozilla-firefox (SSA:2020-006-01)

New mozilla-firefox packages are available for Slackware 14.2 and -current to
fix security issues.

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages/mozilla-firefox-68.4.0esr-i686-1_slack14.2.txz: Upgraded.
This release contains security fixes and improvements.
For more information, see:...

Posted by Salvatore Bonaccorso on Jan 05

-------------------------------------------------------------------------
Debian Security Advisory DSA-4597-1 security () debian org
https://www.debian.org/security/ Salvatore Bonaccorso
January 03, 2020 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : netty
CVE ID : CVE-2019-16869
Debian Bug :...

Posted by Thierry Zoller on Jan 05

Posted by RedTeam Pentesting GmbH on Jan 02

Advisory: IceWarp: Cross-Site Scripting in Notes for Contacts

During a penetration test, RedTeam Pentesting discovered that the
IceWarp WebMail Server is prone to user-assisted cross-site scripting
attacks in its contact module. If IceWarp users import a manipulated
vcard, for example from an email, attackers can run arbitrary JavaScript
code in the users' browsers.

Details
=======

Product: IceWarp WebMail Server
Affected Versions:...

Posted by Thierry Zoller on Jan 02

Posted by Thierry Zoller on Jan 02

Posted by Thierry Zoller on Jan 02

Posted by RedTeam Pentesting GmbH on Jan 02

Advisory: IceWarp: Cross-Site Scripting in Notes

During a penetration test, RedTeam Pentesting discovered that the
IceWarp WebMail Server is prone to cross-site scripting attacks in notes
for objects. If attackers with access to the IceWarp system provide a
manipulated object that is displayed by users, they can run arbitrary
JavaScript code in the users' browsers.

Details
=======

Product: IceWarp WebMail Server
Affected Versions: IceWarp...

Posted by apparitionsec on Dec 31

[+] Credits: John Page (aka hyp3rlinx)
[+] Website: hyp3rlinx.altervista.org
[+] Source: http://hyp3rlinx.altervista.org/advisories/MICROSOFT-WINDOWS-.GROUP-FILE-URL-FIELD-CODE-EXECUTION.txt
[+] twitter.com/hyp3rlinx
[+] apparitionsec@gmail
[+] ISR: Apparition Security

[Vendor]
www.microsoft.com

[Product]
Windows ".Group" File Type

Gorup files are a collection of contacts created by Windows Contacts, an embedded contact...