[SECURITY] [DSA 2642-1] sudo security update
Debian Security Advisory DSA-2642-1                   secur...@debian.org
http://www.debian.org/security/                           Michael Gilbert
March 09, 2013                         http://www.debian.org/security/faq

Package        : sudo
Vulnerability  : several issues
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2013-1775 CVE-2013-1776
Debian Bug     : 701838 701839

Several vulnerabilities have been discovered in sudo, a program designed
to allow a sysadmin to give limited root privileges to users. The Common
Vulnerabilities and Exposures project identifies the following problems:

CVE-2013-1775

    Marco Schoepl discovered an authentication bypass when the clock is
    set to the UNIX epoch [00:00:00 UTC on 1 January 1970].

CVE-2013-1776

    Ryan Castellucci and James Ogden discovered aspects of an issue that
    would allow session id hijacking from another authorized tty.

For the stable distribution (squeeze), these problems have been fixed in
version 1.7.4p4-2.squeeze.4.

For the testing (wheezy) and unstable (sid) distributions, these problems
have been fixed in version 1.8.5p2-1+nmu1.

We recommend that you upgrade your sudo packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/

Mailing list: debian-security-annou...@lists.debian.org
[slackware-security] mozilla-thunderbird (SSA:2013-068-02)
[slackware-security] mozilla-thunderbird (SSA:2013-068-02)

New mozilla-thunderbird packages are available for Slackware 13.37, 14.0,
and -current to fix a security issue.

Here are the details from the Slackware 14.0 ChangeLog:
+--------------------------+
patches/packages/mozilla-thunderbird-17.0.4esr-i486-1_slack14.0.txz: Upgraded.
  This release contains security fixes and improvements.
  For more information, see:
    http://www.mozilla.org/security/known-vulnerabilities/thunderbird.html
  (* Security fix *)
+--------------------------+

Where to find the new packages:
+-----------------------------+

Thanks to the friendly folks at the OSU Open Source Lab
(http://osuosl.org) for donating FTP and rsync hosting
to the Slackware project! :-)

Also see the Get Slack section on http://slackware.com for
additional mirror sites near you.

Updated package for Slackware 13.37:
ftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/mozilla-thunderbird-17.0.4esr-i486-1_slack13.37.txz

Updated package for Slackware x86_64 13.37:
ftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/mozilla-thunderbird-17.0.4esr-x86_64-1_slack13.37.txz

Updated package for Slackware 14.0:
ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/mozilla-thunderbird-17.0.4esr-i486-1_slack14.0.txz

Updated package for Slackware x86_64 14.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/mozilla-thunderbird-17.0.4esr-x86_64-1_slack14.0.txz

Updated package for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/xap/mozilla-thunderbird-17.0.4esr-i486-1.txz

Updated package for Slackware x86_64 -current:
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/xap/mozilla-thunderbird-17.0.4esr-x86_64-1.txz

MD5 signatures:
+-------------+

Slackware 13.37 package:
a49744368feea875fc2263a23758ee01  mozilla-thunderbird-17.0.4esr-i486-1_slack13.37.txz

Slackware x86_64 13.37 package:
1f685bb13b30cbe0dad80d8fced5945e  mozilla-thunderbird-17.0.4esr-x86_64-1_slack13.37.txz

Slackware 14.0 package:
fffdad3bc42676b8804abafef703c915  mozilla-thunderbird-17.0.4esr-i486-1_slack14.0.txz

Slackware x86_64 14.0 package:
7d6f8bde5261e3368727a126b2da10f5  mozilla-thunderbird-17.0.4esr-x86_64-1_slack14.0.txz

Slackware -current package:
e1c9389a3392f1d13b0164008b9b8ff9  xap/mozilla-thunderbird-17.0.4esr-i486-1.txz

Slackware x86_64 -current package:
4ecd1c4a3dea617120bf6c1c6d8cad7b  xap/mozilla-thunderbird-17.0.4esr-x86_64-1.txz

Installation instructions:
+------------------------+

Upgrade the package as root:
# upgradepkg mozilla-thunderbird-17.0.4esr-i486-1_slack14.0.txz

+-----+

Slackware Linux Security Team
http://slackware.com/gpg-key
secur...@slackware.com

+------------------------------------------------------------------------+
| To leave the slackware-security mailing list:                          |
+------------------------------------------------------------------------+
| Send an email to majord...@slackware.com with this text in the body of |
| the email message:                                                     |
|                                                                        |
|   unsubscribe slackware-security                                       |
|                                                                        |
| You will get a confirmation message back containing instructions to    |
| complete the process.  Please do not reply to this email address.      |
+------------------------------------------------------------------------+
[slackware-security] mozilla-firefox (SSA:2013-068-01)
[slackware-security] mozilla-firefox (SSA:2013-068-01)

New mozilla-firefox packages are available for Slackware 13.37, 14.0,
and -current to fix a security issue.

Here are the details from the Slackware 14.0 ChangeLog:
+--------------------------+
patches/packages/mozilla-firefox-19.0.2-i486-1_slack14.0.txz: Upgraded.
  This release contains security fixes and improvements.
  For more information, see:
    http://www.mozilla.org/security/known-vulnerabilities/firefox.html
  (* Security fix *)
+--------------------------+

Where to find the new packages:
+-----------------------------+

Thanks to the friendly folks at the OSU Open Source Lab
(http://osuosl.org) for donating FTP and rsync hosting
to the Slackware project! :-)

Also see the Get Slack section on http://slackware.com for
additional mirror sites near you.

Updated package for Slackware 13.37:
ftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/mozilla-firefox-19.0.2-i486-1_slack13.37.txz

Updated package for Slackware x86_64 13.37:
ftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/mozilla-firefox-19.0.2-x86_64-1_slack13.37.txz

Updated package for Slackware 14.0:
ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/mozilla-firefox-19.0.2-i486-1_slack14.0.txz

Updated package for Slackware x86_64 14.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/mozilla-firefox-19.0.2-x86_64-1_slack14.0.txz

Updated package for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/xap/mozilla-firefox-19.0.2-i486-1.txz

Updated package for Slackware x86_64 -current:
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/xap/mozilla-firefox-19.0.2-x86_64-1.txz

MD5 signatures:
+-------------+

Slackware 13.37 package:
23e37a6cf8ef1f3d2df8796c0063d990  mozilla-firefox-19.0.2-i486-1_slack13.37.txz

Slackware x86_64 13.37 package:
c81eb2da62fb24b9dc5bb62f9b41de5a  mozilla-firefox-19.0.2-x86_64-1_slack13.37.txz

Slackware 14.0 package:
b9a04763c17a2ae0f45a13c9144e2a86  mozilla-firefox-19.0.2-i486-1_slack14.0.txz

Slackware x86_64 14.0 package:
230227873d13591800073ed030b72336  mozilla-firefox-19.0.2-x86_64-1_slack14.0.txz

Slackware -current package:
9c874f07ca53c159015754cd40883d66  xap/mozilla-firefox-19.0.2-i486-1.txz

Slackware x86_64 -current package:
5b5abace3714d41c3d2b9abf02bb33cf  xap/mozilla-firefox-19.0.2-x86_64-1.txz

Installation instructions:
+------------------------+

Upgrade the package as root:
# upgradepkg mozilla-firefox-19.0.2-i486-1_slack14.0.txz

+-----+

Slackware Linux Security Team
http://slackware.com/gpg-key
secur...@slackware.com
[SECURITY] [DSA 2641-1] perl security update
Debian Security Advisory DSA-2641-1                   secur...@debian.org
http://www.debian.org/security/                      Salvatore Bonaccorso
March 09, 2013                         http://www.debian.org/security/faq

Package        : perl
Vulnerability  : rehashing flaw
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2013-1667
Debian Bug     : 702296

Yves Orton discovered a flaw in the rehashing code of Perl. This flaw
could be exploited to carry out a denial of service attack against code
that uses arbitrary user input as hash keys. Specifically an attacker
could create a set of keys of a hash causing a denial of service via
memory exhaustion.

For the stable distribution (squeeze), this problem has been fixed in
version 5.10.1-17squeeze6.

For the testing distribution (wheezy), and the unstable distribution
(sid), this problem has been fixed in version 5.14.2-19.

We recommend that you upgrade your perl packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/

Mailing list: debian-security-annou...@lists.debian.org
Recon 2013 Call For Papers - June 21-23, 2013 - Montreal, Quebec
REC0N 2013
MONTREAL
JUNE 21-23
http://recon.cx
@reconmtl and @hugofortier

+ RECON returns for 2013 with 7 days of Reversing and Exploitation
  - Training sessions + conference + party

+ List of training sessions for Recon 2013:
  - Reversing telecom platforms for security by Philippe Langlois (2 days)
  - Facedancer by Travis Goodspeed and Sergey Bratus (2 days)
  - iOS security/exploitation workshop by Stefan Esser (3 days)
  - Advanced Exploit Laboratory by Saumil Shah (3 days)
  - Reverse Engineering Malware by Nicolas Brulez (4 days)
  - Keep It Synple Stupid - Utilizing Programmable Logic for Hardware
    Reverse-Engineering by Dmitry Nedospasov and Thorsten Schroeder (4 days)
  - Windows Internals for Reverse Engineers by Alex Ionescu (4 days)

+ We are accepting submissions
  - Single track
  - 45-60 minute presentations, or longer, we are flexible
  - We are open to workshop proposals that would occur alongside talks
  - Trainings of 2, 3 or 4 days focused on reversing and/or exploitation
  - There will be time for 5 to 10 minutes Informal Lightning Talks
    during the Recon Party

+ Especially on these topics
  - Hardware reverse engineering
  - Software reverse engineering
  - Finding vulnerabilities and writing exploits
  - Novel data visualization for hackers and reverse engineers
  - Bypassing security and software protections
  - Attacks on cryptography in hardware and software
  - Physical security countermeasures
  - Techniques for any of the above on new or interesting architectures
  - Wireless hacking (We aren't talking about wifi here)
  ++ Anything else elite ++

+ Please include
  - Speaker name(s) and/or handle
  - Contact information, e-mail and cell phone (optional)
  - Presentation title
  - Description of the presentation
  - Brief biography
  - If available presentation supporting materials
    (website, code, paper, slides, outline, ...)
  - And why it is cool, or why you want to present it
  - Let us know if you need help with VISA
    (So we can start the procedure early)
  - If your employer will pay for your travel or if you need us to pay for it

+ Get back to us soon
  - First round of CFP to end March 31
  - First speakers/talks to be announced week of April 2
  - CFP closes April 27, 2013, Recon 2013 speakers/talks announced May 5
  - So please send the above information to: cfp2013 (at) recon.cx

+ Recon registration opens soon.
  - http://recon.cx