PowerArchiver: Uses insecure legacy PKZIP encryption when AES is selected (CVE-2014-2319)

2014-03-13 Thread Hanno Böck
PowerArchiver: Uses insecure legacy PKZIP encryption when AES is selected (CVE-2014-2319)
References
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2319
http://int21.de/cve/CVE-2014-2319-powerarchiver.html
http://www.powerarchiver.com/2014/03/12/powerarchiver-2013-14-02-05-released/

Synology DSM4 Blind SQL Injection

2014-03-13 Thread Michael Wisniewski
Title: Synology DSM Blind SQL Injection
Version affected: = 4.3-3827
Vendor: Synology
Discovered by: Michael Wisniewski
Status: Patched

The file /photo/include/blog/article.php contains a Blind SQL Injection Vulnerability in the 'value' variable in the URL. The vendor was contacted

[SECURITY] [DSA 2877-1] lighttpd security update

2014-03-13 Thread Michael Gilbert
Debian Security Advisory DSA-2877-1 secur...@debian.org
http://www.debian.org/security/ Michael Gilbert
March 12, 2014

[slackware-security] mutt (SSA:2014-071-01)

2014-03-13 Thread Slackware Security Team
[slackware-security] mutt (SSA:2014-071-01)
New mutt packages are available for Slackware 13.37, 14.0, 14.1, and -current to fix a security issue. Here are the details from the Slackware 14.1 ChangeLog:

[ MDVSA-2014:051 ] file

2014-03-13 Thread security
Mandriva Linux Security Advisory MDVSA-2014:051 http://www.mandriva.com/en/support/security/

[ MDVSA-2014:052 ] net-snmp

2014-03-13 Thread security
Mandriva Linux Security Advisory MDVSA-2014:052 http://www.mandriva.com/en/support/security/

[ MDVSA-2014:053 ] libssh

2014-03-13 Thread security
Mandriva Linux Security Advisory MDVSA-2014:053 http://www.mandriva.com/en/support/security/

[ MDVSA-2014:055 ] owncloud

2014-03-13 Thread security
Mandriva Linux Security Advisory MDVSA-2014:055 http://www.mandriva.com/en/support/security/

[ MDVSA-2014:054 ] otrs

2014-03-13 Thread security
Mandriva Linux Security Advisory MDVSA-2014:054 http://www.mandriva.com/en/support/security/

Re: Medium severity flaw in BlackBerry QNX Neutrino RTOS

2014-03-13 Thread Tim Brown
Might have been helpful to attach the advisory.
Tim
--
Tim Brown mailto:t...@nth-dimension.org.uk http://www.nth-dimension.org.uk/
NDSA20140311.txt.asc

[ MDVSA-2014:056 ] apache-commons-fileupload

2014-03-13 Thread security
Mandriva Linux Security Advisory MDVSA-2014:056 http://www.mandriva.com/en/support/security/

[ MDVSA-2014:057 ] mediawiki

2014-03-13 Thread security
Mandriva Linux Security Advisory MDVSA-2014:057 http://www.mandriva.com/en/support/security/

[security bulletin] HPSBMU02967 rev.1 - HP Unified Functional Testing Running on Windows, Remote Execution of Arbitrary Code

2014-03-13 Thread security-alert
Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04122007
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c04122007
Version: 1
HPSBMU02967