[FD] APPLE-SA-2020-11-13-6 Additional information for APPLE-SA-2020-09-16-4 watchOS 7.0

2020-11-15 Thread Apple Product Security via Fulldisclosure
APPLE-SA-2020-11-13-6 Additional information for APPLE-SA-2020-09-16-4 watchOS 7.0 watchOS 7.0 addresses the following issues. Information about the security content is also available at https://support.apple.com/HT211844. Audio Available for: Appl

[FD] APPLE-SA-2020-11-13-7 Additional information for APPLE-SA-2020-09-24-1 macOS Catalina 10.15.7, Security Update 2020-005 High Sierra, Security Update 2020-005 Mojave

2020-11-15 Thread Apple Product Security via Fulldisclosure
APPLE-SA-2020-11-13-7 Additional information for APPLE-SA-2020-09-24-1 macOS Catalina 10.15.7, Security Update 2020-005 High Sierra, Security Update 2020-005 Mojave macOS Catalina 10.15.7, Security Update 2020-005 High Sierra, Security Update 2020-0

[FD] APPLE-SA-2020-11-13-3 Additional information for APPLE-SA-2020-09-16-1 iOS 14.0 and iPadOS 14.0

2020-11-15 Thread Apple Product Security via Fulldisclosure
APPLE-SA-2020-11-13-3 Additional information for APPLE-SA-2020-09-16-1 iOS 14.0 and iPadOS 14.0 iOS 14.0 and iPadOS 14.0 addresses the following issues. Information about the security content is also available at https://support.apple.com/HT211850.

[FD] APPLE-SA-2020-11-13-4 Additional information for APPLE-SA-2020-09-16-2 tvOS 14.0

2020-11-15 Thread Apple Product Security via Fulldisclosure
APPLE-SA-2020-11-13-4 Additional information for APPLE-SA-2020-09-16-2 tvOS 14.0 tvOS 14.0 addresses the following issues. Information about the security content is also available at https://support.apple.com/HT211843. Assets Available for: Apple T

[FD] APPLE-SA-2020-11-13-5 Additional information for APPLE-SA-2020-09-16-3 Safari 14.0

2020-11-15 Thread Apple Product Security via Fulldisclosure
APPLE-SA-2020-11-13-5 Additional information for APPLE-SA-2020-09-16-3 Safari 14.0 Safari 14.0 addresses the following issues. Information about the security content is also available at https://support.apple.com/HT211845. Safari Available for: mac

[FD] APPLE-SA-2020-11-13-2 Security Update 2020-006 High Sierra, Security Update 2020-006 Mojave

2020-11-15 Thread Apple Product Security via Fulldisclosure
APPLE-SA-2020-11-13-2 Security Update 2020-006 High Sierra, Security Update 2020-006 Mojave Security Update 2020-006 High Sierra, Security Update 2020-006 Mojave addresses the following issues. Information about the security content is also availabl

Re: [FD] Scope of Debian's /home/loser is with permissions 755, default umask 002

2020-11-15 Thread Pim van Stam
> On 12 Nov 2020, at 12:26, Georgi Guninski wrote:
>
> On Debian /home/loser is with permissions 755, default umask 0022
>
> (If you don't understand the numbers, this means a lot of
> files are world readable).
>
> On multiuser machines this sucks much.
>
> Question: How much sensitive data

[FD] [SYSS-2020-037] Persistent Cross-site Scripting (CWE-79) in REDDOXX MailDepot (CVE-2020-26554)

2020-11-15 Thread Micha Borrmann
Advisory ID: SYSS-2020-037
Product: MailDepot
Manufacturer: REDDOXX GmbH
Affected Version(s): 2033 (2.3.3022)
Tested Version(s): 2033 (2.3.3022)
Vulnerability Type: Persistent Cross-si

Re: [FD] Scope of Debian's /home/loser is with permissions 755, default umask 002

2020-11-15 Thread bo0od
I see this is fixed in Whonix/Kicksecure, which are like hardened Debian, one for anonymity (Whonix), and one for clearnet (Kicksecure). I doubt any distro fixed/hardened that. Maybe this is interesting: https://www.whonix.org/wiki/Dev/Strong_Linux_User_Account_Isolation Georgi Guninski: