Slackware Security Advisory - New mozilla-firefox packages are available for Slackware 14.1 and -current to fix security issues.
3c8cc2b5a7eb3b24d1494c99ff37f6e9ac6f7c5207a1e8d7b4e61919ba875881Ubuntu Security Notice 2057-1 - It was discovered that QXmlSimpleReader in Qt incorrectly handled XML entity expansion. An attacker could use this flaw to cause Qt applications to consume large amounts of resources, resulting in a denial of service.
3023731e05cb170f3c2ec2c9455de1dc37e2de053b30274317d9787b8a01e016Red Hat Security Advisory 2013-1853-01 - Red Hat JBoss Operations Network is a middleware management solution that provides a single point of control to deploy, manage, and monitor JBoss Enterprise Middleware, applications, and services. This JBoss Operations Network 3.2.0 release serves as a replacement for JBoss Operations Network 3.1.2, and includes several bug fixes.
dbd543071b01d4b700875aa71439e1cdfedf225ca4e629df2fd1c6fbeee18f9dRed Hat Security Advisory 2013-1852-01 - Red Hat Enterprise MRG is a next-generation IT infrastructure for enterprise computing. MRG offers increased performance, reliability, interoperability, and faster computing for enterprise customers. MRG Grid provides high-throughput computing and enables enterprises to achieve higher peak computing capacity as well as improved infrastructure utilization by leveraging their existing technology to build high performance grids. MRG Grid provides a job-queueing mechanism, scheduling policy, and a priority scheme, as well as resource monitoring and resource management. Users submit their jobs to MRG Grid, where they are placed into a queue. MRG Grid then chooses when and where to run the jobs based upon a policy, carefully monitors their progress, and ultimately informs the user upon completion.
408e9dced4a78063d46a3c5ad841cd1da280aba9d71105691fed772205ec9fe9Red Hat Security Advisory 2013-1850-01 - OpenJPEG is an open source library for reading and writing image files in JPEG 2000 format. Multiple heap-based buffer overflow flaws were found in OpenJPEG. An attacker could create a specially crafted OpenJPEG image that, when opened, could cause an application using openjpeg to crash or, possibly, execute arbitrary code with the privileges of the user running the application. Multiple denial of service flaws were found in OpenJPEG. An attacker could create a specially crafted OpenJPEG image that, when opened, could cause an application using openjpeg to crash
512aeb66961c16223628ab66d15593f1a5a271ed409cbf61778f83fb297cd372Red Hat Security Advisory 2013-1851-01 - Red Hat Enterprise MRG is a next-generation IT infrastructure for enterprise computing. MRG offers increased performance, reliability, interoperability, and faster computing for enterprise customers. MRG Grid provides high-throughput computing and enables enterprises to achieve higher peak computing capacity as well as improved infrastructure utilization by leveraging their existing technology to build high performance grids. MRG Grid provides a job-queueing mechanism, scheduling policy, and a priority scheme, as well as resource monitoring and resource management. Users submit their jobs to MRG Grid, where they are placed into a queue. MRG Grid then chooses when and where to run the jobs based upon a policy, carefully monitors their progress, and ultimately informs the user upon completion.
2052be0f7c8339b1c51ce9226e2c8cb26ff56c810deb0045d626a93fea5dbe68Mandriva Linux Security Advisory 2013-287 - Drupal core's Image module allows for the on-demand generation of image derivatives. This capability can be abused by requesting a large number of new derivatives which can fill up the server disk space, and which can cause a very high CPU load. Either of these effects may lead to the site becoming unavailable or unresponsive. Drupal's form API has built-in cross-site request forgery validation, and also allows any module to perform its own validation on the form. In certain common cases, form validation functions may execute unsafe operations. Drupal core directly used the mt_rand() pseudorandom number generator for generating security related strings used in several core modules. It was found that brute force tools could determine the seeds making these strings predictable under certain circumstances. Image field descriptions are not properly sanitized before they are printed to HTML, thereby exposing a cross-site scripting vulnerability. A cross-site scripting vulnerability was found in the Color module. A malicious attacker could trick an authenticated administrative user into visiting a page containing specific JavaScript that could lead to a reflected cross-site scripting attack via JavaScript execution in CSS. The Overlay module displays administrative pages as a layer over the current page , rather than replacing the page in the browser window. The Overlay module did not sufficiently validate URLs prior to displaying their contents, leading to an open redirect vulnerability. The updated packages has been upgraded to the 7.24 version which is unaffected by these security flaws. Additional apache ACL restrictions has been added to fully conform to the SA-CORE-2013-003 advisory.
fed306c15c990831cfcb57bfa68e96fad895d550493f9d8e5b93559533ece6beMandriva Linux Security Advisory 2013-288 - mod_dontdothat allows you to block update REPORT requests against certain paths in the repository. It expects the paths in the REPORT request to be absolute URLs. Serf based clients send relative URLs instead of absolute URLs in many cases. As a result these clients are not blocked as configured by mod_dontdothat. When SVNAutoversioning is enabled via SVNAutoversioning on, commits can be made by single HTTP requests such as MKCOL and PUT. If Subversion is built with assertions enabled any such requests that have non-canonical URLs, such as URLs with a trailing /, may trigger an assert. An assert will cause the Apache process to abort.
2b284bf5957b911f55f105df884a9ca0150a711e87f044206c4afb31ef1b6e5eSlackware Security Advisory - New seamonkey packages are available for Slackware 14.0, 14.1, and -current to fix security issues.
5269c145b787ba0b2cab78ef991f46f5cde902a7ef9f94de118429b5cef0dfc5Slackware Security Advisory - New ruby packages are available for Slackware 13.1, 13.37, 14.0, 14.1, and -current to fix a security issue.
82b80a4b39cbc2f9e4d1fd69516d4b4b5c6cce2e9d57571c0b45c8df583cd24aSlackware Security Advisory - New libjpeg packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, and -current to fix a security issue.
3e973178e555d20266eeb8d1dbcd714d627496aac57d36741091e9b882a4b23cSlackware Security Advisory - New llvm packages are available for Slackware 14.0, 14.1, and -current to fix a security issue.
e40b7a87e8779bf5789ddc70f07b9c5419c548417c0e9525ce6a5602946a05ceSlackware Security Advisory - New mozilla-thunderbird packages are available for Slackware 14.1 and -current to fix security issues.
338a04e049a16be8021d619d106755fe981ea4d1c82a61d93f4208f3d6decc5fSlackware Security Advisory - New libiodbc packages are available for Slackware 13.1, 13.37, 14.0, 14.1, and -current to fix a security issue.
1cb16d0d8f5f65e0412c35d5ec5d3f567bee88da0a60a8988c71d7d05a0b95f4Debian Linux Security Advisory 2820-1 - It was discovered that NSPR, Netscape Portable Runtime library, could crash an application using the library when parsing a certificate that causes an integer overflow. This flaw only affects 64-bit systems.
52579bb6c1260754549b627f26a19aca1783ce6249a99e6f328515fe8c576c88
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed