[SECURITY] [DSA 3498-1] drupal7 security advisory

2016-02-28 Thread Moritz Muehlenhoff
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 - - Debian Security Advisory DSA-3498-1 secur...@debian.org https://www.debian.org/security/ Moritz Muehlenhoff February 28, 2016

[SECURITY] [DSA 3499-1] pillow security update

2016-02-28 Thread Moritz Muehlenhoff
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 - - Debian Security Advisory DSA-3499-1 secur...@debian.org https://www.debian.org/security/ Moritz Muehlenhoff February 28, 2016

[SECURITY] [DSA 3496-1] php-horde-core security update

2016-02-28 Thread Salvatore Bonaccorso
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 - - Debian Security Advisory DSA-3496-1 secur...@debian.org https://www.debian.org/security/ Salvatore Bonaccorso February 28, 2016

Call For Papers - CISTI 2016 Workshops - Deadline March 15

2016-02-28 Thread Maria Lemos
- CISTI'2016 Workshops Gran Canaria, Canary Islands, Spain June 15 - 18, 2016 http://www.aisti.eu/cisti2016/index.php/es/xpto - Introduction

[SECURITY] [DSA 3497-1] php-horde security update

2016-02-28 Thread Salvatore Bonaccorso
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 - - Debian Security Advisory DSA-3497-1 secur...@debian.org https://www.debian.org/security/ Salvatore Bonaccorso February 28, 2016

[SECURITY] [DSA 3494-1] cacti security update

2016-02-28 Thread Salvatore Bonaccorso
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 - - Debian Security Advisory DSA-3494-1 secur...@debian.org https://www.debian.org/security/ Salvatore Bonaccorso February 27, 2016

Re: Symantec EP DOS

2016-02-28 Thread hyp3rlinx
*** Be aware "Gerado Sanchez" is re-posting and stealing vulnerability reports work/credits as his own, he is also using similar nicknames, emails etc. ORIGINAL Symantec EP DOS POST from "hyp3rlinx" is found here dated Jul 08 2015. http://www.securityfocus.com/archive/1/535958

[slackware-security] libssh (SSA:2016-057-01)

2016-02-28 Thread Slackware Security Team
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 [slackware-security] libssh (SSA:2016-057-01) New libssh packages are available for Slackware 14.0, 14.1, and -current to fix a security issue. Here are the details from the Slackware 14.1 ChangeLog: +--+ patches/packages/l

[security bulletin] HPSBGN03549 rev.1 - HP IceWall Products using glibc, Remote Denial of Service (DoS), Arbitrary Code Execution

2016-02-28 Thread security-alert
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_n a-c05008367 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c05008367 Version: 1 HPSBGN03549

Executable installers are vulnerable^WEVIL (case 27): Cygwin's installers allow arbitrary (remote) code execution WITH escalation of privilege

2016-02-28 Thread Stefan Kanthak
Hi @ll, Cygwin's setup-x86.exe loads and executes UXTheme.dll (on Windows XP also ClbCatQ.dll) and some more DLLs from its "application directory". For software downloaded with a web browser the application directory is typically the user's "Downloads" directory: see

Executable installers are vulnerable^WEVIL (case 28): Google's Chrome cleanup tool allows arbitrary (remote) code execution WITH escalation of privilege

2016-02-28 Thread Stefan Kanthak
Hi @ll, Google's software_removal_tool.exe alias Chrome Cleanup Tool loads and executes several DLLs from its "application directory" during runtime: * Windows XP: SetupAPI.dll, NTMarta.dll, ClbCatQ.dll, SRClient.dll, UXTheme.dll, RASAPI32.dll, HNetCfg.dll, IPHlpAPI.dll, RASAdHlp.dll, XPSP2Re