[SECURITY] [DSA 3395-1] krb5 security update

2015-11-06 Thread Salvatore Bonaccorso
Debian Security Advisory DSA-3395-1 secur...@debian.org https://www.debian.org/security/ Salvatore Bonaccorso November 06, 2015

[ANNOUNCE] CVE-2014-3576 - Apache ActiveMQ vulnerabilities

2015-11-06 Thread Timothy Bish
The following security vulnerability was reported against Apache ActiveMQ 5.10.0 and older versions. Please check the following document and see if you’re affected by the issue. http://activemq.apache.org/security-advisories.data/CVE-2014-3576-announcement.txt Apache ActiveMQ 5.11.0 and newer

[slackware-security] mozilla-firefox (SSA:2015-310-01)

2015-11-06 Thread Slackware Security Team
[slackware-security] mozilla-firefox (SSA:2015-310-01) New mozilla-firefox packages are available for Slackware 14.1 and -current to fix security issues. Here are the details from the Slackware 14.1 ChangeLog: +--+ patches/

[slackware-security] mozilla-nss (SSA:2015-310-02)

2015-11-06 Thread Slackware Security Team
[slackware-security] mozilla-nss (SSA:2015-310-02) New mozilla-nss packages are available for Slackware 14.0, 14.1, and -current to fix security issues. Here are the details from the Slackware 14.1 ChangeLog: +--+ patches/p

CVE-2015-5378

2015-11-06 Thread Suyog Rao
Summary: Logstash 1.5.2 and prior versions are vulnerable to an SSL/TLS security issue called the FREAK attack. If you are using the Lumberjack input, FREAK allows an attacker to successfully implement a man in the middle attack, intercepting communication between the Logstash Forwarder agent an

CVE-2015-5619

2015-11-06 Thread Suyog Rao
Summary: Logstash 1.5.3 and prior versions are vulnerable to an SSL/TLS security issue which allows an attacker to successfully implement a man in the middle attack. This vulnerability is not present in the initial installation of Logstash. This insecurity is exposed when users configure Lumberjack

NXFilter v3.0.3 Persistent / Reflected XSS

2015-11-06 Thread apparitionsec
[+] Credits: hyp3rlinx [+] Website: hyp3rlinx.altervista.org [+] Source: http://hyp3rlinx.altervista.org/advisories/AS-NXFILTER-XSS.txt Vendor: www.nxfilter.org/p2/ Product: NXFilter v3.0.3 Vulnerability Type: ===

NXFilter v3.0.3 CSRF

2015-11-06 Thread apparitionsec
[+] Credits: hyp3rlinx [+] Website: hyp3rlinx.altervista.org [+] Source: http://hyp3rlinx.altervista.org/advisories/AS-NXFILTER-CSRF.txt Vendor: www.nxfilter.org/p2/ Product: NXFilter v3.0.3 Vulnerability Type: ==

Elasticsearch vulnerability CVE-2015-4165

2015-11-06 Thread Kevin Kluge
Summary: Elasticsearch versions 1.0.0 - 1.5.2 are vulnerable to an engineered attack on other applications on the system. The snapshot API may be used indirectly to place snapshot metadata files into locations that are writeable by the user running the Elasticsearch process. It is possible to