The Ambassador

[slackware-security] mozilla-thunderbird (SSA:2014-204-03)

Posted by Slackware Security Team on Jul 24

New mozilla-thunderbird packages are available for Slackware 14.1 and -current
to fix security issues.

Here are the details from the Slackware 14.1 ChangeLog:
+--------------------------+
patches/packages/mozilla-thunderbird-24.7.0-i486-1_slack14.1.txz: Upgraded.
This release contains security fixes and improvements.
For more information, see:...


Barracuda Networks Firewall 6.1.2 #36 - Filter Bypass & Exception Handling Vulnerability + PoC Video BNSEC-2398

Posted by Vulnerability Lab on Jul 24

Document Title:
===============
Barracuda Networks Firewall 6.1.2 #36 - Filter Bypass & Exception Handling Vulnerability + PoC Video

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1102

Barracuda Networks Security ID (BNSEC): BNSEC-2398
https://www.barracuda.com/support/knowledgebase/501600000013m1P

Video: http://www.vulnerability-lab.com/get_content.php?id=1210

Vulnerability Magazine:...


[slackware-security] mozilla-firefox (SSA:2014-204-02)

Posted by Slackware Security Team on Jul 24

New mozilla-firefox packages are available for Slackware 14.1 and -current to
fix security issues.

Here are the details from the Slackware 14.1 ChangeLog:
+--------------------------+
patches/packages/mozilla-firefox-24.7.0esr-i486-1_slack14.1.txz: Upgraded.
This release contains security fixes and improvements.
For more information, see:...


[slackware-security] httpd (SSA:2014-204-01)

Posted by Slackware Security Team on Jul 24

New httpd packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1,
and -current to fix security issues.

Here are the details from the Slackware 14.1 ChangeLog:
+--------------------------+
patches/packages/httpd-2.4.10-i486-1_slack14.1.txz: Upgraded.
This update fixes the following security issues:
*) SECURITY: CVE-2014-0117 (cve.mitre.org)
mod_proxy: Fix crash in Connection...


[security bulletin] HPSBMU03076 rev.1 - HP Systems Insight Manager (SIM) on Linux and Windows running OpenSSL, Multiple Vulnerabilities

Posted by security-alert on Jul 24

Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04379485

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04379485
Version: 1

HPSBMU03076 rev.1 - HP Systems Insight Manager (SIM) on Linux and Windows
running OpenSSL, Multiple Vulnerabilities

NOTICE: The information in this Security Bulletin should be acted upon as
soon as possible....


[SECURITY] [DSA 2987-1] openjdk-7 security update

Posted by Moritz Muehlenhoff on Jul 24

-------------------------------------------------------------------------
Debian Security Advisory DSA-2987-1 security () debian org
http://www.debian.org/security/ Moritz Muehlenhoff
July 23, 2014 http://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : openjdk-7
CVE ID : CVE-2014-2483 CVE-2014-2490...


[SECURITY] [DSA 2986-1] iceweasel security update

Posted by Moritz Muehlenhoff on Jul 24

-------------------------------------------------------------------------
Debian Security Advisory DSA-2986-1 security () debian org
http://www.debian.org/security/ Moritz Muehlenhoff
July 23, 2014 http://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : iceweasel
CVE ID : CVE-2014-1544 CVE-2014-1547...


Beginner's error: import function of Windows Mail executes rogue program C:\Program.exe with credentials of other account

Posted by Stefan Kanthak on Jul 24

Hi @ll,

the import function of Windows Mail executes a rogue program C:\Program.exe
with the credentials of another account, resulting in a privilege escalation!

1. Fetch <http://home.arcor.de/skanthak/download/SENTINEL.EXE> and save it as
C:\Program.exe

2. Start Windows Mail (part of Windows Vista and Windows Server 2008)

3. On the File menu, click Identities

4. On the entry page of the wizard click [ Continue > ]

5. Select...


[security bulletin] HPSBMU03074 rev.1 - HP Insight Control server migration on Linux and Windows running OpenSSL, Remote Denial of Service (DoS), Code Execution, Unauthorized Access, Disclosure of Information

Posted by security-alert on Jul 24

Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04378799

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04378799
Version: 1

HPSBMU03074 rev.1 - HP Insight Control server migration on Linux and Windows
running OpenSSL, Remote Denial of Service (DoS), Code Execution, Unauthorized
Access, Disclosure of Information

NOTICE: The...


[security bulletin] HPSBMU03073 rev.1 - HP Network Virtualization, Remote Execution of Code, Disclosure of Information

Posted by security-alert on Jul 23

Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04374202

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04374202
Version: 1

HPSBMU03073 rev.1 - HP Network Virtualization, Remote Execution of Code,
Disclosure of Information

NOTICE: The information in this Security Bulletin should be acted upon as
soon as possible.

Release Date:...