Bugtraq: [ MDVSA-2014:201 ] kernel

Bugtraq: Vulnerabilities in WordPress Database Manager v2.7.1

Bugtraq: Files Document & PDF 2.0.2 iOS – Multiple Vulnerabilities

Bugtraq: FileBug v1.5.1 iOS – Path Traversal Web Vulnerability

‘Veteran Unix Admins’ fear desktop emphasis is betraying open source

A group of “Veteran Unix Admins” reckons too much input from GNOME devs is dumbing down Debian, and in response, is floating the idea of a fork.…

New submitter don_e_b writes I have been asked by a non-profit to help them gather a team of volunteer developers, who they wish to have write an online volunteer sign-up site. This organization has one large event per year with roughly 1400 volunteers total. I have advised them to investigate existing online volunteer offerings, and they can afford to pay for most that I’ve found so far. In the past two years, they have used a site written by a volunteer that has worked fine for them, but that volunteer is unavailable to maintain or enhance his site this year. They believe the existing online volunteer sign-up sites are not quite right — they feel they have very specific sign-up needs, and cannot picture using anything other than their own custom software solution. I am convinced it’s a mistake for this non-profit to create a software development team from a rotating pool of volunteers to write software upon which it is critically dependent. How would you convince them to abandon their plan to dive into project management and use an existing solution?

Read more of this story at Slashdot.




An anonymous reader writes with this excerpt from VentureBeat: Google today announced it is beefing up its two-step verification feature with Security Key, a physical USB second factor that only works after verifying the login site is truly a Google website. The feature is available in Chrome: Instead of typing in a code, you can simply insert Security Key into your computer’s USB port and tap it when prompted by Google’s browser. “When you sign into your Google Account using Chrome and Security Key, you can be sure that the cryptographic signature cannot be phished,” Google promises. While Security Key works with Google Accounts at no charge, you’ll need to go out and buy a compatible USB device directly from a Universal 2nd Factor (U2F) participating vendor.

Read more of this story at Slashdot.
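The excerpt above says the Security Key signature "cannot be phished" but not why. The reason is that the browser, not the web page, writes the origin it is displaying into the client data, and the token's signature covers a hash of that client data together with the relying party's application parameter, so an assertion collected on a look-alike site is useless against the real one. The following is an added toy model of that flow, not Google's or the FIDO reference code; it keeps the U2F authentication message layout (appParam || user presence || counter || SHA-256(clientData)) but replaces the token's per-registration ECDSA P-256 key with an HMAC key so it runs on the Python standard library. The origins, challenge and key are constructed for the example.

```python
"""Toy model of U2F origin binding: why a relayed Security Key assertion fails."""
import hashlib
import hmac
import json
import struct

# Constructed stand-in for the key the token created at registration. A real
# token holds an ECDSA private key and the RP keeps the public key; with HMAC
# both sides must share the secret, so the RP reuses it here.
TOKEN_KEY = hashlib.sha256(b"constructed demo key, not a real credential").digest()

# The relying party's application identifier. U2F lets an appId list several
# facets (origins); this example treats the appId as the only valid origin.
APP_ID = "https://accounts.google.com"


def app_param(app_id: str) -> bytes:
    """appParam = SHA-256 of the application identifier."""
    return hashlib.sha256(app_id.encode()).digest()


def browser_client_data(origin: str, challenge: bytes) -> bytes:
    """Client data as the browser builds it; the page cannot pick the origin."""
    return json.dumps(
        {"typ": "navigator.id.getAssertion",
         "challenge": challenge.hex(),
         "origin": origin},
        sort_keys=True,
    ).encode()


def token_sign(app_id: str, client_data: bytes, counter: int) -> bytes:
    """Signed on a tap: appParam || 0x01 || counter || SHA-256(clientData)."""
    message = (app_param(app_id)
               + b"\x01"                      # user presence confirmed by the tap
               + struct.pack(">I", counter)   # monotonic per-key counter
               + hashlib.sha256(client_data).digest())
    return hmac.new(TOKEN_KEY, message, hashlib.sha256).digest()


def rp_verify(challenge, client_data, counter, signature, last_counter):
    """Relying-party checks; returns (accepted, reason)."""
    try:
        data = json.loads(client_data)
    except ValueError:
        return False, "client data not parseable"
    if data.get("typ") != "navigator.id.getAssertion":
        return False, "wrong client data type"
    if data.get("origin") != APP_ID:
        return False, "origin mismatch: " + str(data.get("origin"))
    if bytes.fromhex(data.get("challenge", "")) != challenge:
        return False, "challenge mismatch or replay"
    if counter <= last_counter:
        return False, "counter did not increase (possible cloned key)"
    expected = token_sign(APP_ID, client_data, counter)
    if not hmac.compare_digest(expected, signature):
        return False, "signature does not cover the presented client data"
    return True, "ok"


CHALLENGE = hashlib.sha256(b"constructed RP challenge").digest()[:16]
LAST_COUNTER = 41
PHISH_ORIGIN = "https://accounts-google.example"  # constructed look-alike origin


def legitimate_login():
    """User is really on the RP's origin."""
    cd = browser_client_data(APP_ID, CHALLENGE)
    sig = token_sign(APP_ID, cd, LAST_COUNTER + 1)
    return rp_verify(CHALLENGE, cd, LAST_COUNTER + 1, sig, LAST_COUNTER)


def relayed_phishing_login():
    """Attacker relays the RP's real challenge to the victim on the look-alike site.

    The browser writes PHISH_ORIGIN into the client data, so the RP rejects it.
    (A real browser would refuse outright: PHISH_ORIGIN is not a facet of APP_ID.)
    """
    cd = browser_client_data(PHISH_ORIGIN, CHALLENGE)
    sig = token_sign(APP_ID, cd, LAST_COUNTER + 1)
    return rp_verify(CHALLENGE, cd, LAST_COUNTER + 1, sig, LAST_COUNTER)


def relayed_phishing_with_rewritten_client_data():
    """Same relay, but the attacker swaps the origin before forwarding to the RP.

    The signature covers SHA-256(clientData), so the edited copy no longer verifies.
    """
    cd = browser_client_data(PHISH_ORIGIN, CHALLENGE)
    sig = token_sign(APP_ID, cd, LAST_COUNTER + 1)
    forged_cd = browser_client_data(APP_ID, CHALLENGE)  # origin rewritten by attacker
    return rp_verify(CHALLENGE, forged_cd, LAST_COUNTER + 1, sig, LAST_COUNTER)


if __name__ == "__main__":
    for name, fn in [("legitimate", legitimate_login),
                     ("relayed phish", relayed_phishing_login),
                     ("relayed phish, rewritten clientData",
                      relayed_phishing_with_rewritten_client_data)]:
        print(f"{name}: {fn()}")
```

The two failure paths are the point: the attacker cannot make the browser lie about the origin, and cannot edit the origin afterwards without breaking the signature, so a relayed challenge never turns into a usable assertion. The counter check is the separate protection the U2F format gives against a cloned key.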




Ohio LinuxFest isn’t just another excuse to travel. It’s a means for us to fulfill ourselves, and to get honest, tangible feedback for what we do and for what others are doing. It’s a place where ideas are sounded, bent, crumpled and turned until they either come out of the crucible perfect…or useless.

Posted by Vulnerability Lab on Oct 21

Document Title:
===============
FileBug v1.5.1 iOS – Path Traversal Web Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1342

Release Date:
=============
2014-10-15

Vulnerability Laboratory ID (VL-ID):
====================================
1342

Common Vulnerability Scoring System:
====================================
5.1

Product & Service Introduction:…

itwbennett (1594911) writes A partnership between TV measurement company Nielsen and analytics provider Adobe, announced today, will let broadcasters see (in aggregate and anonymized) how people interact with digital video between devices — for example if you begin watching a show on Netflix on your laptop, then switch to a Roku set-top box to finish it. The information learned will help broadcasters decide what to charge advertisers, and deliver targeted ads to viewers. Broadcasters can use the new Nielsen Digital Content Ratings, as they’re called, beginning early next year. Early users include ESPN, Sony Pictures Television, Turner Broadcasting and Viacom.

Read more of this story at Slashdot.




Posted by Vulnerability Lab on Oct 21

Document Title:
===============
Files Document & PDF 2.0.2 iOS – Multiple Vulnerabilities

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1341

Release Date:
=============
2014-10-14

Vulnerability Laboratory ID (VL-ID):
====================================
1341

Common Vulnerability Scoring System:
====================================
8.7

Product & Service Introduction:…

Tuesday’s security updates

Debian has updated mysql-5.5 (multiple vulnerabilities).

Mandriva has updated bugzilla (multiple vulnerabilities), kernel (multiple vulnerabilities), mediawiki (cross-site scripting), perl (denial of service), python (buffer overflow), and rsyslog (two vulnerabilities).

Oracle has updated qemu-kvm (OL7: information leak) and rsyslog5 (OL5: denial of service).

Red Hat has updated qemu-kvm (RHEL7: information leak) and rsyslog (RHEL5,6: denial of service).

Scientific Linux has updated qemu-kvm (SL7: information leak).

Slackware has updated openssh (SSHFP-checking disabled).

Posted by Larry W. Cashdollar on Oct 21

Title: Vulnerabilities in WordPress Database Manager v2.7.1
Author: Larry W. Cashdollar, @_larry0
Date: 10/13/2014
Download: https://wordpress.org/plugins/wp-dbmanager/
Downloads: 1,171,358
Vendor: Lester Chan, https://profiles.wordpress.org/gamerz/
Contacted: 10/13/2014, Vulnerabilities addressed in v2.7.2.
Full Advisory: http://www.vapid.dhs.org/advisories/wordpress/plugins/wp-dbmanager-2.7.1/index.html
CVE: CVE-2014-8334, CVE-2014-8335
OSVDBID:…

Nine gadgets from chaebol green-lighted

US spooks will be allowed to access sensitive government information on their KNOX-locked Samsung gadgets from now on.…

As much as I’ve praised the Debian installer in the past, and I’ll praise it a little bit right now, I will also drop it in a hole and throw a shallow layer of dirt over it just because.

[ MDVSA-2014:201 ] kernel

Posted by security on Oct 21

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2014:201
http://www.mandriva.com/en/support/security/
_______________________________________________________________________

Package : kernel
Date : October 21, 2014
Affected: Business Server 1.0
_______________________________________________________________________

Problem Description:

Multiple…

Bugtraq: Incredible PBX remote command execution exploit

Bugtraq: [ MDVSA-2014:196 ] rsyslog

Bugtraq: [ MDVSA-2014:197 ] python

Bugtraq: [ MDVSA-2014:198 ] mediawiki