Please be advised that a security issue affecting the Apache XML Security
Library for C++ has been identified and an updated version released to
address the issue. The full text of the advisory is below, and a signed
version can be found at:
http://santuario.apache.org/secadv/CVE-2011-2516.txt
Ubuntu's reseed(8) can be used to seed the PRNG state of a host. The
script is run when the package is installed, and anytime su executes the
script.
reseed(8) performs an unsecured HTTP request to random.org for its
bits, despite random.org offering HTTPS services.
This resulted in a couple of
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Debian Security Advisory DSA-2273-1 secur...@debian.org
http://www.debian.org/security/ Moritz Muehlenhoff
July 06, 2011
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c02863015
Version: 2
HPSBMA02674 SSRT100487 rev.2 - HP Service Manager and HP Service Center,
Unauthorized Remote Access, Unsecured Local Access, Remote Disclosure of
Privileged Information,
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
ISC BIND 9 Remote packet Denial of Service against Authoritative and
Recursive Servers
A specially constructed packet will cause BIND 9 (named) to exit,
affecting DNS service.
CVE: CVE-2011-2464
Document Version: 2.0
Posting date: 05 Jul 2011
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
ADVISORY NUMBER AID-070611
Advisory # 1:
TITLE
Cross Site Scripting vulnerability in ArubaOS and AirWave
Administration Web Interfaces.
SUMMARY
A persistent Cross Site Scripting vulnerability (XSS) was discovered
where an attacker could plant
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
ISC BIND 9 Remote Crash with Certain RPZ Configurations
Two defects were discovered in ISC's BIND 9 code. These defects only affect
BIND 9 servers which have recursion enabled and which use a specific
feature of the software known as Response
No response from vendor so far!
And no, I didn't request a CVE-identifier, so I'd really appreciate your help :)
Best regards,
Stefan
[ But for what it's worth, I am willing to bet that the script was
added without analyzing these subtle considerations, and that makes it
somewhat scary on its own accord. ]
/mz