[SECURITY] [DSA 2831-1] puppet security update
Debian Security Advisory DSA-2831-1    secur...@debian.org
http://www.debian.org/security/    Luciano Bello
December 31, 2013    http://www.debian.org/security/faq

Package        : puppet
Vulnerability  : insecure temporary files
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2013-4969

An unsafe use of temporary files was discovered in Puppet, a tool for centralized configuration management. An attacker can exploit this vulnerability and overwrite an arbitrary file in the system.

For the oldstable distribution (squeeze), this problem has been fixed in version 2.6.2-5+squeeze9.

For the stable distribution (wheezy), this problem has been fixed in version 2.7.23-1~deb7u2.

For the testing distribution (jessie), this problem has been fixed in version 3.4.0-1.

For the unstable distribution (sid), this problem has been fixed in version 3.4.0-1.

We recommend that you upgrade your puppet packages.

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: http://www.debian.org/security/

Mailing list: debian-security-annou...@lists.debian.org
[SECURITY] [DSA 2832-1] memcached security update
Debian Security Advisory DSA-2832-1    secur...@debian.org
http://www.debian.org/security/    Salvatore Bonaccorso
January 01, 2014    http://www.debian.org/security/faq

Package        : memcached
Vulnerability  : several
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2011-4971 CVE-2013-7239
Debian Bug     : 706426 733643

Multiple vulnerabilities have been found in memcached, a high-performance memory object caching system. The Common Vulnerabilities and Exposures project identifies the following issues:

CVE-2011-4971

    Stefan Bucur reported that memcached could be caused to crash by sending a specially crafted packet.

CVE-2013-7239

    It was reported that SASL authentication could be bypassed due to a flaw related to the management of the SASL authentication state. With a specially crafted request, a remote attacker may be able to authenticate with invalid SASL credentials.

For the oldstable distribution (squeeze), these problems have been fixed in version 1.4.5-1+deb6u1. Note that the patch for CVE-2013-7239 was not applied for the oldstable distribution as SASL support is not enabled in this version. This update also provides the fix for CVE-2013-0179 which was fixed for stable already.

For the stable distribution (wheezy), these problems have been fixed in version 1.4.13-0.2+deb7u1.

For the unstable distribution (sid), these problems will be fixed soon.

We recommend that you upgrade your memcached packages.

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: http://www.debian.org/security/

Mailing list: debian-security-annou...@lists.debian.org
[SECURITY] [DSA 2833-1] openssl security update
Debian Security Advisory DSA-2833-1    secur...@debian.org
http://www.debian.org/security/    Moritz Muehlenhoff
January 01, 2014    http://www.debian.org/security/faq

Package        : openssl
Vulnerability  : several
Problem type   : local
Debian-specific: no
CVE ID         : CVE-2013-6449 CVE-2013-6450
Debian Bug     : 732754 732710

Multiple security issues have been fixed in OpenSSL: The TLS 1.2 support was susceptible to denial of service and retransmission of DTLS messages was fixed. In addition this update disables the insecure Dual_EC_DRBG algorithm (which was unused anyway, see http://marc.info/?l=openssl-announce&m=138747119822324&w=2 for further information) and no longer uses the RdRand feature available on some Intel CPUs as a sole source of entropy unless explicitly requested.

For the stable distribution (wheezy), these problems have been fixed in version 1.0.1e-2+deb7u1.

For the unstable distribution (sid), these problems have been fixed in version 1.0.1e-5.

We recommend that you upgrade your openssl packages.

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: http://www.debian.org/security/

Mailing list: debian-security-annou...@lists.debian.org
CFP - IEEE Co-sponsored CyberSec2014 - Lebanon Section
2014-01-01
The Third International Conference on Cyber Security, Cyber Warfare, and Digital Forensic
All the registered papers will be submitted to IEEE for potential inclusion to IEEE Xplore as well as other Abstracting and Indexing (AI) databases.

TITLE: The Third International Conference on Cyber Security, Cyber Warfare, and Digital Forensic (CyberSec2014)

EVENT VENUE: Lebanese University, Lebanon

CONFERENCE DATES: Apr. 29 - May 1, 2014

EVENT URL: http://sdiwc.net/conferences/2014/cybersec2014/

OBJECTIVE: To provide a medium for professionals, engineers, academicians, scientists, and researchers from all over the world to present the result of their research activities in the field of Computer Science, Engineering and Information Technology. CyberSec2014 provides opportunities for the delegates to share the knowledge, ideas, innovations and problem solving techniques. Submitted papers will be reviewed by the technical program committee of the conference.

KEYWORDS: Cyber Security, Digital Forensics, Information Assurance and Security Management, Cyber Peacefare and Physical Security, and many more...

SUBMISSION URL: http://sdiwc.net/conferences/2014/cybersec2014/openconf/openconf.php

FIRST SUBMISSION DEADLINE: March 29, 2014

CONTACT EMAIL: cyb2...@sdiwc.net
[SECURITY] [DSA 2834-1] typo3-src security update
Debian Security Advisory DSA-2834-1    secur...@debian.org
http://www.debian.org/security/    Salvatore Bonaccorso
January 01, 2014    http://www.debian.org/security/faq

Package        : typo3-src
Vulnerability  : several
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2013-7073 CVE-2013-7074 CVE-2013-7075 CVE-2013-7076 CVE-2013-7078 CVE-2013-7079 CVE-2013-7080 CVE-2013-7081
Debian Bug     : 731999

Several vulnerabilities were discovered in TYPO3, a content management system. This update addresses cross-site scripting, information disclosure, mass assignment, open redirection and insecure unserialize vulnerabilities and corresponds to TYPO3-CORE-SA-2013-004.

For the oldstable distribution (squeeze), these problems have been fixed in version 4.3.9+dfsg1-1+squeeze9.

For the stable distribution (wheezy), these problems have been fixed in version 4.5.19+dfsg1-5+wheezy2.

For the testing distribution (jessie), these problems have been fixed in version 4.5.32+dfsg1-1.

For the unstable distribution (sid), these problems have been fixed in version 4.5.32+dfsg1-1.

We recommend that you upgrade your typo3-src packages.

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: http://www.debian.org/security/

Mailing list: debian-security-annou...@lists.debian.org
[CVE-2013-6480] Libcloud doesn't send scrub_data query parameter when destroying a DigitalOcean node
Severity: Low

Vendor: Apache Software Foundation

Project: Apache Libcloud (http://libcloud.apache.org/)

Affected Versions: Apache Libcloud 0.12.3 to 0.13.3 (versions prior to 0.12.3 don't include a DigitalOcean driver)

Description:

DigitalOcean recently changed the default API behavior from scrub to non-scrub when destroying a VM. Libcloud doesn't explicitly send the scrub_data query parameter when destroying a node. This means nodes which are destroyed using Libcloud are vulnerable to later customers stealing data contained on them.

Note: Only users who are using the DigitalOcean driver are affected by this issue.

References:

- http://libcloud.apache.org/security.html
- https://digitalocean.com/blog_posts/transparency-regarding-data-security
- https://github.com/fog/fog/issues/2525

Mitigation:

This vulnerability has been fixed in version 0.13.3. Users who use the DigitalOcean driver are strongly encouraged to upgrade to this release.