Uninit memory disclosure via truncated images in Firefox

2014-09-08 Thread Michal Zalewski
Yello, The recent release of Firefox 32 fixes another interesting image parsing issue found by afl [1]: following a refactoring of memory management code, the past few versions of the browser ended up using uninitialized memory for certain types of truncated images, which is easily measurable with

[SECURITY] [DSA 3019-1] procmail security update

2014-09-08 Thread Salvatore Bonaccorso
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - - Debian Security Advisory DSA-3019-1 secur...@debian.org http://www.debian.org/security/ Salvatore Bonaccorso September 04, 2014

[ MDVSA-2014:175 ] glibc

2014-09-08 Thread security
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2014:175 http://www.mandriva.com/en/support/security/

[WorldCIST'15]: Call for Workshops Proposals; Best papers published in ISI Journals

2014-09-08 Thread ML
-- WorldCIST'15 - 3rd World Conference on Information Systems and Technologies Ponta Delgada, Azores *, Portugal 1 - 3 April 2015 http://www.aisti.eu/worldcist15/ -- * Azores is ranked as the second most beautiful archipelago in the world by National Geographic. WORKSHOP FOR

apache tomcat cookie handling problem - characters out of 0x80 - 0xff causing internal server error

2014-09-08 Thread Elar Lang
# * Title: Client-based DoS for Apache Tomcat on sending cookie with value out of 0x80 - 0xff scope. * Author: Elar Lang @elarlang https://www.linkedin.com/in/elarlang * Date: 02. January 2014 / 05. September 2014 # * Vendor: Apache * Product: Tomcat * Affected versions (at least):

[ MDVSA-2014:176 ] libgcrypt

2014-09-08 Thread security
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2014:176 http://www.mandriva.com/en/support/security/

[ MDVSA-2014:177 ] squid

2014-09-08 Thread security
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2014:177 http://www.mandriva.com/en/support/security/

[ MDVSA-2014:178 ] ppp

2014-09-08 Thread security
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2014:178 http://www.mandriva.com/en/support/security/

[ MDVSA-2014:179 ] python-django

2014-09-08 Thread security
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2014:179 http://www.mandriva.com/en/support/security/

[slackware-security] mozilla-firefox (SSA:2014-247-02)

2014-09-08 Thread Slackware Security Team
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [slackware-security] mozilla-firefox (SSA:2014-247-02) New mozilla-firefox packages are available for Slackware 14.1 and -current to fix security issues. Here are the details from the Slackware 14.1 ChangeLog: patches/

[slackware-security] mozilla-thunderbird (SSA:2014-247-03)

2014-09-08 Thread Slackware Security Team
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [slackware-security] mozilla-thunderbird (SSA:2014-247-03) New mozilla-thunderbird packages are available for Slackware 14.1 and -current to fix security issues. Here are the details from the Slackware 14.1 ChangeLog:

[slackware-security] php (SSA:2014-247-01)

2014-09-08 Thread Slackware Security Team
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [slackware-security] php (SSA:2014-247-01) New php packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, and -current to fix security issues. Here are the details from the Slackware 14.1 ChangeLog: patche

[security bulletin] HPSBUX03102 SSRT101681 rev.1 - HP-UX Apache Server Suite running Apache Tomcat or PHP, Remote Execution of Arbitrary Code and Denial of Service (DoS) and Other Vulnerabilities

2014-09-08 Thread security-alert
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emr_na-c04223376 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c04223376 Version: 1 HPSBUX03102 S

Defense in depth -- the Microsoft way (part 19): still no "perfect forward secrecy" per default in Windows 8/7/Vista/Server 2012/Server 2008 [R2]

2014-09-08 Thread Stefan Kanthak
Hi @ll, on April 8, 2014 Microsoft published an update for Windows 8.1 and Windows Server 2012 R2 (see ) which enables "perfect forward secrecy" per default by reordering of the TLS cipher suites. Unfortunately Microsoft has not published corresponding up

t2’14 Challenge to be released 2014-09-13 10:00 EEST

2014-09-08 Thread Tomi Tuominen
Running assets is always difficult, however this year has been excruciating for t2 infosec. We lost one of our most prized and well placed deep cover operatives in a foreign three letter agency. Shortly after the CFP, communications stopped and we have to assume her new assignment is a permanent

CVE-2014-5391 DOM-based Cross-Site Scripting (XSS) in "JobScheduler"

2014-09-08 Thread Christian Schneider
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 CVE-2014-5391 === "DOM-based Cross-Site Scripting (XSS)" (CWE-79) vulnerability in "JobScheduler" product Vendor === Software- & Organisations-Service GmbH Product === "JobScheduler is a workload au

CVE-2014-5393 Path Traversal to Sensitive Files in Webroot in "JobScheduler"

2014-09-08 Thread Christian Schneider
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 CVE-2014-5393 === "Path Traversal to Sensitive Files in Webroot" (CWE-219) vulnerability in "JobScheduler" product Vendor === Software- & Organisations-Service GmbH Product === "JobScheduler is a wo

CVE-2014-5392 XML eXternal Entity (XXE) in "JobScheduler"

2014-09-08 Thread Christian Schneider
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 CVE-2014-5392 === "XML eXternal Entity (XXE)" (CWE-611) vulnerability in "JobScheduler" product Vendor === Software- & Organisations-Service GmbH Product === "JobScheduler is a workload automation to