[ GLSA 200910-02 ] Pidgin: Multiple vulnerabilities

2009-10-23 Thread Tobias Heinlein
Gentoo Linux Security Advisory GLSA 200910-02 http://security.gentoo.org/

[security bulletin] HPSBUX02465 SSRT090192 rev.1 - HP-UX Running Apache-based Web Server, Remote Denial of Service (DoS) Cross-Site Scripting (XSS) Unauthorized Access

2009-10-23 Thread security-alert
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c01905287 Version: 1 HPSBUX02465 SSRT090192 rev.1 - HP-UX Running Apache-based Web Server, Remote Denial of Service (DoS) Cross-Site Scripting (XSS) Unauthorized Access NOTICE: The information

[security bulletin] HPSBUX02466 SSRT090192 rev.1 - HP-UX Running Tomcat Servlet Engine, Remote Denial of Service (DoS), Unauthorized Access

2009-10-23 Thread security-alert
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c01908935 Version: 1 HPSBUX02466 SSRT090192 rev.1 - HP-UX Running Tomcat Servlet Engine, Remote Denial of Service (DoS), Unauthorized Access NOTICE: The information in this Security Bulletin

[SECURITY] [DSA 1914-1] New mapserver packages fix several vulnerabilities

2009-10-23 Thread Nico Golde
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - -- Debian Security Advisory DSA-1914-1secur...@debian.org http://www.debian.org/security/ Nico Golde October 22nd, 2009

[USN-850-2] poppler regression

2009-10-23 Thread Marc Deslauriers
=== Ubuntu Security Notice USN-850-2 October 22, 2009 poppler regression https://launchpad.net/bugs/457985 === A security issue affects the following Ubuntu releases: Ubuntu

RE: [Full-disclosure] NSOADV-2009-003: Websense Email Security Cross Site Scripting

2009-10-23 Thread Hubbard, Dan
The vulnerability has been fixed within the latest version which is 7.2. This is set to be released Friday, October 23, 2009. Websense would like to thank Nikolas for working with us on the issue. Websense customers can get the new version for free through mywebsense.com and details on the

HP Quality Centre Weak password Obfuscation

2009-10-23 Thread jason
Not a major issue, but should be noted: The password in QC and maybe TD is obfuscated as below: password using jason is: PASSWORD:\001e\ENRCRYPTED189!206!226!219!217! As you will see, each char has 3 digits and an exclamation mark. This is not in any way random, this is static, depending on

[SECURITY] [DSA 1915-1] New Linux 2.6.26 packages fix several vulnerabilities

2009-10-23 Thread dann frazier
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - -- Debian Security Advisory DSA-1915-1secur...@debian.org http://www.debian.org/security/ dann frazier October 22, 2009

/proc filesystem allows bypassing directory permissions on Linux

2009-10-23 Thread Pavel Machek
Hi! This is a forward from lkml, so no, I did not invent this hole. Unfortunately, I do not think lkml sees this as a security hole, so... Jamie Lokier said: a) the current permission model under /proc/PID/fd has a security hole (which Jamie is worried about) I believe its bugtraq

Re: /proc filesystem allows bypassing directory permissions on Linux

2009-10-23 Thread Dan Yefimov
On 23.10.2009 21:16, Pavel Machek wrote: Hi! This is a forward from lkml, so no, I did not invent this hole. Unfortunately, I do not think lkml sees this as a security hole, so... Jamie Lokier said: a) the current permission model under /proc/PID/fd has a security hole (which Jamie is

Re: /proc filesystem allows bypassing directory permissions on Linux

2009-10-23 Thread Pavel Machek
pa...@toy:/tmp/my_priv$ chmod 700 .
# relax file permissions, directory is private, so this is safe
# check link count on unwritable_file. We would not want someone
# to have a hard link to work around our permissions, would we?
pa...@toy:/tmp/my_priv$ chmod 666 unwritable_file
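The mechanism the thread argues about, shown as an added example that is not code from the thread, from lkml or from the kernel: a descriptor that was opened read-only is re-opened read-write through the /proc/self/fd magic link, and the re-open is checked against the file's own mode rather than against the 0700 directory the original path went through. It assumes Linux with /proc mounted; the directory and file names are constructed for the demo. Run as a single user it only shows the mode upgrade, since the owner could have written the file anyway; the directory-permission bypass the thread describes needs the read-only fd delivered to a user (Pavel's guest) who cannot traverse the 0700 directory and who then does the same re-open on the inherited descriptor.

```shell
#!/bin/sh
# Added demonstration, not code from the thread or from the kernel: a descriptor
# opened read-only is re-opened read-write via /proc/self/fd.
# Assumes Linux with /proc mounted. Paths below are constructed for the demo.

demo_reopen() {
    dir=$(mktemp -d) || return 1
    chmod 700 "$dir"              # private directory, the only thing guarding the file
    f="$dir/unwritable_file"
    : > "$f"
    chmod 666 "$f"                # file itself is world-writable, as in the thread's setup

    # Open the file read-only on fd 3. A descriptor like this is what gets handed to a
    # less trusted child, or inherited across su into another account.
    exec 3< "$f"

    # Writing through the descriptor itself fails: it was opened O_RDONLY.
    if echo "through fd 3" >&3 2>/dev/null; then
        echo "unexpected: write through a read-only descriptor succeeded" >&2
    fi

    # Opening /proc/self/fd/3 is a fresh open(2) of the same inode. The permission
    # check is the file's mode (0666), not the 0700 directory that the original path
    # traversed, so the read-only handle is turned into a read-write one.
    echo "through /proc/self/fd/3" > /proc/self/fd/3

    exec 3<&-
    cat "$f"                      # prints what was written via the /proc re-open
    rm -rf "$dir"
}

demo_reopen
```

The practical check is the one Dan Yefimov's reply turns on: once a descriptor to a file leaves your process, the file's own mode is what protects it, not the mode of the directory you reached it through. If a file must stay unwritable to whoever holds a read-only fd to it, keep the file itself 0600 (or 0644) instead of relying on a 0700 parent.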

Re: /proc filesystem allows bypassing directory permissions on Linux

2009-10-23 Thread Dan Yefimov
On 24.10.2009 0:35, Matthew Bergin wrote: doesn't look like the original owner is trying to write to it. Shows it can't, it had guest write to it via the proc folder's bad permissions. Looks legitimate Please tell me, who issued 'chmod 0666 unwritable_file'? Was that an attacker? No, that was the