[SECURITY] [DSA 2474-1] ikiwiki security update

Posted by Raphael Geissert on May 17

-------------------------------------------------------------------------
Debian Security Advisory DSA-2474-1 security () debian org
http://www.debian.org/security/ Raphael Geissert
May 16, 2012 http://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : ikiwiki
Vulnerability : cross-site scripting
Problem type...


DDIVRT-2012-44 Epicor Returns Management SOAP-Based Blind SQL Injection

Posted by ddivulnalert on May 17

Title
-----
DDIVRT-2012-44 Epicor Returns Management SOAP-Based Blind SQL Injection

Severity
--------
High

Date Discovered
---------------
April 12, 2012

Discovered By
-------------
Digital Defense, Inc. Vulnerability Research Team
Credit: Chris Graham and r () b13$

Vulnerability Description
-------------------------
Digital Defense, Inc. (DDI) has discovered a blind SQL injection vulnerability in the Epicor Returns Management
software SOAP...


[security bulletin] HPSBUX02782 SSRT100844 rev.1 - HP-UX Running OpenSSL, Remote Denial of

Posted by security-alert on May 17

Note: the current version of the following document is available here:
https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03333987

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c03333987
Version: 1

HPSBUX02782 SSRT100844 rev.1 - HP-UX Running OpenSSL, Remote Denial of
Service (DoS)

NOTICE: The information in this Security Bulletin should be acted upon as
soon as possible.

Release Date: 2012-05-17
Last...


[security bulletin] HPSBUX02777 SSRT100854 rev.1 - HP-UX Running Java JRE and JDK, Remote Denial

Posted by security-alert on May 17

Note: the current version of the following document is available here:
https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03316985

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c03316985
Version: 1

HPSBUX02777 SSRT100854 rev.1 - HP-UX Running Java JRE and JDK, Remote Denial
of Service (DoS), Unauthorized Modification and Disclosure of Information

NOTICE: The information in this Security Bulletin should be...


[ MDVSA-2012:078 ] imagemagick

Posted by security on May 17

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2012:078
http://www.mandriva.com/security/
_______________________________________________________________________

Package : imagemagick
Date : May 17, 2012
Affected: 2011.
_______________________________________________________________________

Problem Description:

Multiple vulnerabilities has...


[ MDVSA-2012:077 ] imagemagick

Posted by security on May 17

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2012:077
http://www.mandriva.com/security/
_______________________________________________________________________

Package : imagemagick
Date : May 17, 2012
Affected: 2010.1, Enterprise Server 5.0
_______________________________________________________________________

Problem Description:

Multiple...


[SECURITY] [DSA 2473-1] openoffice.org security update

Posted by Florian Weimer on May 17

-------------------------------------------------------------------------
Debian Security Advisory DSA-2473-1 security () debian org
http://www.debian.org/security/ Florian Weimer
May 16, 2012 http://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : openoffice.org
Vulnerability : buffer overflow
Problem...


FlashPeak SlimBrowser TITLE Denial Of Service Vulnerability

Posted by demonalex on May 16

Title: FlashPeak SlimBrowser TITLE Denial Of Service Vulnerability
Software : FlashPeak SlimBrowser

Software Version : 6.0.1.38

Vendor: FlashPeak Inc.(www.flashpeak.com/)

Vulnerability Published : 2012-05-16

Vulnerability Update Time :

Status :

Impact : Medium(CVSS2 Base : 5.0, AV:N/AC:L/Au:N/C:N/I:N/A:P)

Bug Description :
FlashPeak SlimBrowser is a web browser Software for FREE.
FlashPeak SlimBrowser contains one denial of service...


[PRE-SA-2012-03] Linux kernel: Buffer overflow in HFS plus filesystem

Posted by Timo Warns on May 16

PRE-CERT Security Advisory
==========================

* Advisory: PRE-SA-2012-03
* Released on: 10 May 2012
* Affected product: Linux Kernel 3.3.x <= 3.3.4
                    2.6.x <= 2.6.35.13
* Impact: code execution / privilege escalation
* Origin: HFS plus file system
* Credit: Timo Warns (PRESENSE Technologies GmbH)
* CVE Identifier: CVE-2012-2319

Summary
-------

The Linux kernel contains a vulnerability in the driver...


The story of the Linux kernel 3.x...

Posted by pi3 on May 16

The story of the Linux kernel 3.x...

In 2005 everybody was excited about the possibility of bypassing ASLR on all
Linux 2.6 kernels because of the new concept called VDSO (Virtual
Dynamic Shared Object). More information about this story can be found
at the following link:
http://www.trilithium.com/johan/2005/08/linux-gate/

In short, VDSO was mmap'ed by the kernel in the user space memory always
at the same fixed address. Because of that...