[security bulletin] HPESBGN03698 rev.1 - HPE DDMi using OpenSSL, Remote Arbitrary Code Execution, Bypass Security Restrictions, Denial of Service (DoS)

2017-02-13 Thread security-alert
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Note: the current version of the following document is available here: https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05386804 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c05386804 Version: 1 HPESBGN03698 rev.1 - HPE

[security bulletin] HPSBMU03692 rev.1 - HPE Matrix Operating Environment, Multiple Remote Vulnerabilities

2017-02-13 Thread security-alert
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Note: the current version of the following document is available here: https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05385680 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c05385680 Version: 1 HPSBMU03692 rev.1 - HPE

[slackware-security] tcpdump (SSA:2017-041-04)

2017-02-13 Thread Slackware Security Team
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 [slackware-security] tcpdump (SSA:2017-041-04) New tcpdump packages are available for Slackware 13.37, 14.0, 14.1, 14.2, and -current to fix security issues. NOTE: These updates also require the updated libpcap package. Here are the details from

[slackware-security] php (SSA:2017-041-03)

2017-02-13 Thread Slackware Security Team
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 [slackware-security] php (SSA:2017-041-03) New php packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix security issues. Here are the details from the Slackware 14.2 ChangeLog: +--+

[slackware-security] openssl (SSA:2017-041-02)

2017-02-13 Thread Slackware Security Team
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 [slackware-security] openssl (SSA:2017-041-02) New openssl packages are available for Slackware 14.2 and -current to fix security issues. Here are the details from the Slackware 14.2 ChangeLog: +--+

[security bulletin] HPESBHF03704 rev.1 - HPE OfficeConnect Network Switches, Local Unauthorized Data Modification

2017-02-13 Thread security-alert
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Note: the current version of the following document is available here: https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05388948 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c05388948 Version: 1 HPESBHF03704 rev.1 - HPE

WebKitGTK+ Security Advisory WSA-2017-0002

2017-02-13 Thread Carlos Alberto Lopez Perez
WebKitGTK+ Security Advisory WSA-2017-0002 Date reported : February 10, 2017 Advisory ID: WSA-2017-0002

[security bulletin] HPESBNS03702 rev.1 - HPE NonStop OSS Core Utilities with Bash Shell, Local Arbitrary Command Execution, Elevation of Privilege

2017-02-13 Thread security-alert
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Note: the current version of the following document is available here: https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05388115 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c05388115 Version: 1 HPESBNS03702 rev.1 - HPE

[SECURITY] [DSA 3784-1] viewvc security update

2017-02-13 Thread Sebastien Delafond
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 - - Debian Security Advisory DSA-3784-1 secur...@debian.org https://www.debian.org/security/ Sebastien Delafond February 09, 2017

[SECURITY] [DSA 3783-1] php5 security update

2017-02-13 Thread Luciano Bello
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 - - Debian Security Advisory DSA-3783-1 secur...@debian.org https://www.debian.org/security/Luciano Bello February 08, 2017

TP-Link C2 and C20i vulnerable to command injection (authenticated root RCE), DoS, improper firewall rules

2017-02-13 Thread Pierre Kim
Hello, Please find a text-only version below sent to security mailing lists. The HTML version on "Vulnerabilities found in TP-Link C2 and C20i" is posted here: https://pierrekim.github.io/blog/2017-02-09-tplink-c2-and-c20i-vulnerable.html === text-version of the advisory === -BEGIN

[SECURITY] [DSA 3782-1] openjdk-7 security update

2017-02-13 Thread Moritz Muehlenhoff
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 - - Debian Security Advisory DSA-3782-1 secur...@debian.org https://www.debian.org/security/ Moritz Muehlenhoff February 08, 2017

Authentication bypass vulnerability in Western Digital My Cloud

2017-02-13 Thread Securify B.V.
Authentication bypass vulnerability in Western Digital My Cloud Remco Vermeulen, Januari 2017

Cisco Security Advisory: Cisco ASA Clientless SSL VPN CIFS Heap Overflow Vulnerability

2017-02-13 Thread Cisco Systems Product Security Incident Response Team
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Cisco Security Advisory: Cisco ASA Clientless SSL VPN CIFS Heap Overflow Vulnerability Advisory ID: cisco-sa-20170208-asa Revision 1.0 For Public Release 2017 February 8 16:00 GMT (UTC)

Cisco Security Advisory: Cisco AnyConnect Secure Mobility Client for Windows SBL Privileges Escalation Vulnerability

2017-02-13 Thread Cisco Systems Product Security Incident Response Team
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Cisco Security Advisory: Cisco AnyConnect Secure Mobility Client for Windows SBL Privileges Escalation Vulnerability Advisory ID: cisco-sa-20170208-anyconnect Revision 1.0 For Public Release 2017 February 8 16:00 GMT (UTC)