Hackbloc hacktivist collective - researching positive hacktivism

Bugtraq Mailing List

The premier general security mailing list. Vulnerabilities are often announced here first, so check frequently!

Mathopd - Directory Traversal Vulnerability

Mon, 02/06/2012 - 15:44

Posted by Mateusz Goik on Feb 06

Hi,

Mathopd - Security Alerts

Directory Traversal Vulnerability

Reported: 2 February 2012

Older versions of the software have a vulnerability that could lead to
directory traversal if the '*' construct for mass virtual hosting is used.

Affected: all 1.4 versions, all 1.5 versions up to 1.5p7.

Fixed in: Mathopd 1.5p7

http://www.mathopd.org/security.html
http://www.mail-archive.com/mathopd%40mathopd.org/msg00392.html
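The '*' construct the advisory refers to is mass virtual hosting: the value of the request's Host header is substituted into a document-root template so that each hostname gets its own tree. The advisory does not show Mathopd's actual path construction, so the Python below is an added illustration of that class of bug and is not Mathopd's code; the template `/srv/www/*/htdocs`, the function names and the hostname check are assumptions. It contrasts the naive substitution, which lets a Host value containing `..` escape the web root, with a version that validates the hostname before substitution and then confirms the result still lies under the root.

```python
"""
Illustrative mass-virtual-hosting document-root mapping (added example,
not Mathopd's code). The layout /srv/www/<host>/htdocs and the '*'
template are assumptions chosen for the demonstration.
"""
import posixpath
import re

WEBROOT = "/srv/www"                 # assumed layout: /srv/www/<host>/htdocs
TEMPLATE = WEBROOT + "/*/htdocs"     # '*' is replaced by the Host header value

# Hostname per RFC 1123: dot-separated labels of letters, digits and hyphens,
# each label starting and ending with a letter or digit, at most 253 chars.
_HOST_RE = re.compile(
    r"^(?=.{1,253}$)"
    r"[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?"
    r"(?:\.[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?)*$"
)


def docroot_naive(host):
    """Vulnerable pattern: the Host header is substituted for '*' verbatim.

    A Host value such as "../../etc" yields "/srv/www/../../etc/htdocs",
    which normalises to "/etc/htdocs", outside WEBROOT.
    """
    return posixpath.normpath(TEMPLATE.replace("*", host))


def normalize_host(host):
    """Lower-case the Host value, strip an optional :port and trailing dot,
    and return it only if it is a syntactically valid hostname, else None.

    IPv6 literals and anything containing '/', '..' or other non-hostname
    characters fail the regex and are rejected.
    """
    host = host.strip().lower()
    if ":" in host:
        host = host.rsplit(":", 1)[0]      # drop ":port" (constructed rule)
    host = host.rstrip(".")                # "example.com." -> "example.com"
    if not host or not _HOST_RE.match(host):
        return None
    return host


def docroot_safe(host):
    """Hardened pattern: validate the hostname first, then substitute it and
    verify that the resulting path is still under WEBROOT. Returns None for
    any request that should be rejected (e.g. with 400 Bad Request)."""
    h = normalize_host(host)
    if h is None:
        return None
    root = posixpath.normpath(TEMPLATE.replace("*", h))
    # Belt-and-braces: the regex already excludes '/' and '..', but confirm
    # containment so a future change to the template cannot reintroduce escape.
    if posixpath.commonpath([WEBROOT, root]) != WEBROOT:
        return None
    return root


if __name__ == "__main__":
    # Constructed sample Host header values, benign and hostile.
    for host in ("example.com", "Example.com:8080", "example.com.", "../../etc",
                 "www.example.com/../..", ""):
        print("%-25r naive=%-28r safe=%r" % (host, docroot_naive(host), docroot_safe(host)))
```

The hostile Host values show the two behaviours side by side: the naive mapping happily returns a path under /etc, while the hardened mapping returns None and the request can be refused before any file is opened. Validating the hostname against a strict grammar is the primary control; the containment check is defence in depth.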

[SECURITY] [DSA 2405-1] apache2 security update

Mon, 02/06/2012 - 15:31

Posted by Stefan Fritsch on Feb 06

-------------------------------------------------------------------------
Debian Security Advisory DSA-2405-1 security () debian org
http://www.debian.org/security/ Stefan Fritsch
February 06, 2012 http://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : apache2
Vulnerability : multiple issues
Problem type :...

[SECURITY] [DSA 2404-1] xen-qemu-dm-4.0 security update

Mon, 02/06/2012 - 15:21

Posted by Florian Weimer on Feb 06

-------------------------------------------------------------------------
Debian Security Advisory DSA-2404-1 security () debian org
http://www.debian.org/security/ Florian Weimer
February 05, 2012 http://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : xen-qemu-dm-4.0
Vulnerability : buffer overflow
Problem...

[SECURITY] [DSA 2384-2] cacti regression

Mon, 02/06/2012 - 15:11

Posted by Luk Claes on Feb 06

-------------------------------------------------------------------------
Debian Security Advisory DSA-2384-2 security () debian org
http://www.debian.org/security/
February 04, 2012 http://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : cacti
Vulnerability : several
Problem type : remote...

[ MDVSA-2012:013 ] mozilla

Fri, 02/03/2012 - 22:07

Posted by security on Feb 03

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2012:013
http://www.mandriva.com/security/
_______________________________________________________________________

Package : mozilla
Date : February 3, 2012
Affected: 2010.1, 2011., Enterprise Server 5.0
_______________________________________________________________________

Problem Description:...

ESA-2012-010: EMC Documentum xPlore information disclosure vulnerability

Fri, 02/03/2012 - 16:41

Posted by Security_Alert on Feb 03

ESA-2012-010: EMC Documentum xPlore information disclosure vulnerability.

EMC Identifier: ESA-2012-010
EMC Identifier: SRCH-7949

CVE Identifier: CVE-2012-0396

Severity Rating: CVSS v2 Base Score: 4.0 (AV:N/AC:L/Au:S/C:P/I:N/A:N)

Affected products:
EMC SW: EMC Documentum xPlore 1.0 (all patch versions)
EMC SW: EMC Documentum xPlore 1.1 (all patch versions prior to 1.1 P07)
EMC SW: EMC Documentum xPlore 1.2 (all patch versions)...

RFC 6528 on Defending against Sequence Number Attacks

Fri, 02/03/2012 - 16:26

Posted by Fernando Gont on Feb 03

Folks,

FYI. (the RFC is available at: <http://www.rfc-editor.org/rfc/rfc6528.txt>)

A new Request for Comments is now available in online RFC libraries.

RFC 6528

Title: Defending against Sequence Number Attacks
Author: F. Gont, S. Bellovin
Status: Standards Track
Stream: IETF
Date: February 2012
Pages: 12
Characters: 26917
Obsoletes:...

[SECURITY] [DSA 2403-1] php5 security update

Fri, 02/03/2012 - 16:16

Posted by Thijs Kinkhorst on Feb 03

-------------------------------------------------------------------------
Debian Security Advisory DSA-2403-1 security () debian org
http://www.debian.org/security/ Thijs Kinkhorst
February 02, 2012 http://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : php5
Vulnerability : code injection
Problem type :...

[SECURITY] [DSA 2402-1] iceape security update

Fri, 02/03/2012 - 16:06

Posted by Moritz Muehlenhoff on Feb 03

-------------------------------------------------------------------------
Debian Security Advisory DSA-2402-1 security () debian org
http://www.debian.org/security/ Moritz Muehlenhoff
February 02, 2012 http://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : iceape
Vulnerability : several
Problem type : remote...

[SECURITY] [DSA 2400-1] iceweasel security update

Fri, 02/03/2012 - 15:55

Posted by Moritz Muehlenhoff on Feb 03

-------------------------------------------------------------------------
Debian Security Advisory DSA-2400-1 security () debian org
http://www.debian.org/security/ Moritz Muehlenhoff
February 02, 2012 http://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : iceweasel
Vulnerability : several
Problem type : remote...

[SECURITY] [DSA 2401-1] tomcat6 security update

Fri, 02/03/2012 - 15:44

Posted by Moritz Muehlenhoff on Feb 03

-------------------------------------------------------------------------
Debian Security Advisory DSA-2401-1 security () debian org
http://www.debian.org/security/ Moritz Muehlenhoff
February 02, 2012 http://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : tomcat6
Vulnerability : several
Problem type : remote...

[security bulletin] HPSBGN02740 SSRT100741 rev.1 - HP Operations Manager, Operations Agent, Performance Agent, Service Health Reporter, Service Health Optimizer, Performance Manager, Remote Execution of Arbitrary Code

Fri, 02/03/2012 - 14:59

Posted by security-alert on Feb 03

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c03179825
Version: 1

HPSBGN02740 SSRT100741 rev.1 - HP Operations Manager, Operations Agent, Performance Agent, Service Health Reporter,
Service Health Optimizer, Performance Manager, Remote Execution of Arbitrary Code

NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.

Release Date: 2012-02-02
Last Updated: 2012-02-02

Potential Security Impact:...

GLSA (Gentoo Linux Security Advisory) publication changes

Thu, 02/02/2012 - 19:03

Posted by Alex Legler on Feb 02

Like other Linux distribution vendors, Gentoo is currently CC'ing advisories
to the full-disclosure and bugtraq mailing lists.
Starting today, we will be *no longer* publishing our advisories to full-
disclosure or bugtraq.
We are following our colleagues at Ubuntu with this decision.

Users who want to receive advisories via email in the future should subscribe
to the gentoo-announce mailing list, as described here:...

[security bulletin] HPSBMU02739 SSRT100280 rev.1 - HP Data Protector Media Operations, Remote Execution of Arbitrary Code

Thu, 02/02/2012 - 18:52

Posted by security-alert on Feb 02

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c03179046
Version: 1

HPSBMU02739 SSRT100280 rev.1 - HP Data Protector Media Operations, Remote Execution of Arbitrary Code

NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.

Release Date: 2012-02-01
Last Updated: 2012-02-01

------------------------------------------------------------------------------

Potential Security Impact: Remote execution...

[CAL-2012-0004] opera array integer overflow

Thu, 02/02/2012 - 18:38

Posted by Code Audit Labs on Feb 02

CAL-2012-0004 opera array integer overflow

1 Affected Products
=================
11.60 and prior

2 Vulnerability Details
=====================

Code Audit Labs http://www.vulnhunt.com has discovered an integer
overflow vulnerability in array functions like
Int32Array, Int16Array... .

The Opera vendor says "We have reproduced the problem, and determined that it
does not have any security implications, since the crash is caused by
a memory...

Fwd: RA-Guard: Advice on the implementation (feedback requested)

Thu, 02/02/2012 - 18:28

Posted by Fernando Gont on Feb 02

Folks,

We have talked about this one quite a few times (including
<http://blog.si6networks.com/2011/09/router-advertisement-guard-ra-guard.html>).
-- still, most implementations remain broken.

If you care to get this fixed, please provide feedback about this I-D on
the IETF *v6ops* mailing-list <v6ops () ietf org>, and CC me if possible.

Thanks!

Best regards,
Fernando

-------- Original Message --------
Subject: RA-Guard: Advice...

Call For Paper

Thu, 02/02/2012 - 18:17

Posted by asemailing on Feb 02

CALL FOR PAPER

2012 ASE/IEEE International Conference on Privacy, Security, Risk, and Trust
Amsterdam, The Netherlands, September 3-6, 2012
WebSite: http://www.asesite.org/conferences/PASSAT/2012/
Workshop Proposal Submission Deadline: March 1, 2012
Paper Submission Deadline: May 11, 2012

================================================================
2012 ASE/IEEE International Conference on Cyber Security
Washington D.C., USA, October 5-7,...

APPLE-SA-2012-02-01-1 OS X Lion v10.7.3 and Security Update 2012-001

Thu, 02/02/2012 - 18:06

Posted by Apple Product Security on Feb 02

APPLE-SA-2012-02-01-1 OS X Lion v10.7.3 and Security Update 2012-001

OS X Lion v10.7.3 and Security Update 2012-001 is now available and
addresses the following:

Address Book
Available for: OS X Lion v10.7 to v10.7.2,
OS X Lion Server v10.7 to v10.7.2
Impact: An attacker in a privileged network position may intercept
CardDAV data
Description: Address Book supports Secure Sockets Layer (SSL) for
accessing CardDAV. A downgrade issue caused...

[ MDVSA-2012:012 ] apache

Thu, 02/02/2012 - 17:55

Posted by security on Feb 02

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2012:012
http://www.mandriva.com/security/
_______________________________________________________________________

Package : apache
Date : February 2, 2012
Affected: 2010.1, 2011., Enterprise Server 5.0
_______________________________________________________________________

Problem Description:...

XSS phpLDAPadmin: 1.2.0.5 (Debian package) and 1.2.2 (sourceforge)

Wed, 02/01/2012 - 18:04

Posted by andsarmiento on Feb 01

Attached is some PoC analysis related to an XSS vulnerability in phpLDAPadmin. I previously coordinated with Cert-US so
that they would contact SourceForge and Debian, but received the reply that they were unable to get in contact with them.

The first discovery was on January 10 for version 1.1.6, after which I noticed that the same vulnerability had been
discovered previously. For that reason I later tested version 1.2.2 (sourceforge) and 1.2.0.5 (Debian package)....
