2015 May 13
0
Xen Security Advisory 133 (CVE-2015-3456) - Privilege escalation via emulated floppy disk drive
xen-4.4.2-2, available from the virt6-testing repository, includes the
fix for this issue.
Note that Xen actually does attempt to disable the floppy disk for HVM
domains by default, but due to a bug in qemu, the floppy disk is only
partially disabled; enough functionality to exploit this bug remains.
This should be available from the normal xen4 repositories sometime
this afternoon.
-George
2012 Dec 03
0
Uncontrolled disclosure of advisories XSA-26 to XSA-32
We just sent the message below to the security advisory predisclosure
list, relating to the release of XSA-26 to XSA-32. As you will see,
these have now been publicly released.
We'll have a proper conversation about this in a week or two.
Thanks for your attention,
Ian.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
We regret to announce that a member of the predisclosure list
2004 Feb 18
1
[Fwd: [gentoo-announce] [ GLSA 200402-07 ] Clamav 0.65 DoS vulnerability]
Attached is a security alert from Gentoo pertaining to clam antivirus.
It seems that as of this morning, FreeBSD's ports still contain the
affected version.
Thanks in advance,
Tom Veldhouse
-------------- next part --------------
An embedded message was scrubbed...
From: Tim Yamin <plasmaroo@gentoo.org>
Subject: [gentoo-announce] [ GLSA 200402-07 ] Clamav 0.65 DoS vulnerability
Date:
2012 Sep 06
1
Fwd: [Xen-announce] Xen Security Advisory 19 - guest administrator can access qemu monitor console
Hi everyone at the security team,
I'd like to upload an update of xen-qemu-dm-4.0 in Squeeze. Below is the
Xen Security Advisory as I received it, attached is the patch that they
provided. Both the debdiff and the updated packages are available in here:
http://archive.gplhost.com/pub/security/xen-qemu-dm-4.0/
Please allow me to upload this fix. If you wish, I can prepare a DSA as
well (but
2017 Sep 07
2
Updated Xen packages for XSA 216..225
(*Really* switching to my personal address not because I'm not doing
work for Citrix, but because the corporate email is not working
properly. Sigh. Also, email updated a bit.)
Ian Jackson writes ("Re: Updated Xen packages for XSA 216..225"):
> Ian Jackson writes ("Re: Updated Xen packages for XSA 216..225"):
> > Hi. I was away and am now back. There are a lot
2012 Sep 07
0
Xen Security Advisory 19 (CVE-2012-4411) - guest administrator can access qemu monitor console
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Xen Security Advisory CVE-2012-4411 / XSA-19
version 2
guest administrator can access qemu monitor console
UPDATES IN VERSION 2
====================
We have now been issued with a CVE number.
ISSUE DESCRIPTION
=================
A guest administrator who is granted access to the graphical console
of a Xen guest
2012 Sep 06
0
Bug#686848: CVE-2007-0998: Qemu monitor can be used to access host resources
Package: xen-qemu-dm-4.0
Version: 4.0.1-2+squeeze1
Severity: grave
Tags: squeeze
Copying the Xen Security Advisory:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Xen Security Advisory XSA-19
guest administrator can access qemu monitor console
ISSUE DESCRIPTION
=================
A guest administrator who is granted access to the graphical console
of a Xen guest can
2012 Sep 06
0
Re: [oss-security] Xen Security Advisory 19 - guest administrator can access qemu monitor console
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 09/06/2012 10:13 AM, Xen.org security team wrote:
> Xen Security Advisory XSA-19
>
> guest administrator can access qemu monitor console
>
>
> ISSUE DESCRIPTION
> =================
>
> A guest administrator who is granted access to the graphical console
> of a Xen guest can access the qemu
2004 Aug 17
1
remotely exploitable vulnerability in lukemftpd / tnftpd
Hi Everyone,
http://vuxml.freebsd.org/c4b025bb-f05d-11d8-9837-000c41e2cdad.html
A critical vulnerability was found in lukemftpd, which shipped with some
FreeBSD versions (4.7 and later). However, with the exception of
FreeBSD 4.7, lukemftpd was not built and installed by default. So,
unless you are running FreeBSD 4.7-RELEASE or specified WANT_LUKEMFTP
when building FreeBSD from source, you
2005 Feb 09
2
full-d] Administrivia: List Compromised due to Mailman Vulnerability (fwd)
Sorry for the cross post, but this is an important one
potentially affecting all recipients.
This just crossed the Full Disclosure mailman moderated
mailing list. It bears a careful read, and thought about
whether a response is needed.
The implication is that if there is any use of a mailman
password in common with a password you 'care' about, you need
to take appropriate action at
2019 Dec 13
1
CVE-2019-19722: Critical vulnerability in Dovecot
Open-Xchange Security Advisory 2019-12-13
Product: Dovecot IMAP/POP3 Server
Vendor: OX Software GmbH
Internal reference: DOV-3719
Vulnerability type: NULL Pointer Dereference (CWE-476)
Vulnerable version: 2.3.9
Vulnerable component: push notification driver
Report confidence: Confirmed
Solution status: Fixed by Vendor
Fixed version: 2.3.9.1
Researcher credits: Frederik Schwan, Michael
2007 May 04
1
ASA-2007-013: IAX2 users can cause unauthorized data disclosure
> Asterisk Project Security Advisory - ASA-2007-013
>
> +----------------------------------------------------------------------------------+
> | Product | Asterisk |
> |----------------------+-----------------------------------------------------------|
> | Summary | IAX2
2014 Dec 20
4
NTP Vulnerability?
I just saw this:
https://ics-cert.us-cert.gov/advisories/ICSA-14-353-01
which includes this:
" A remote attacker can send a carefully crafted packet that can overflow a
stack buffer and potentially allow malicious code to be executed with the
privilege level of the ntpd process. All NTP4 releases before 4.2.8 are
vulnerable."
"This vulnerability is resolved with NTP-stable4.2.8
2003 Sep 17
3
Sendmail vulnerability
You've probably already seen the latest sendmail vulnerability.
http://lists.netsys.com/pipermail/full-disclosure/2003-September/010287.html
I believe you can apply the following patch to any of the security
branches:
http://cvsweb.freebsd.org/src/contrib/sendmail/src/parseaddr.c.diff?r1=1.1.1.17&r2=1.1.1.18
Download the patch and:
# cd /usr/src
# patch -p1 < /path/to/patch
#
2013 Aug 30
14
Coverity + XenProject + Process?
Hey
We have a static analyzer setup for Xen called Coverity. It allows
the code to be inspected for bugs and such.
Originally I setup this so that we could make sure that there are no
bugs that cause security issues - and as such invited only folks
on the security Xen mailing list.
But there are other folks who I am sure would like to contribute
and as Coverity is pretty amazing at analyzing
2011 May 21
1
OpenVAS Vulnerability
Hi,
Please advise me about the below reported vulnerability.
High
OpenSSH X Connections Session Hijacking Vulnerability
Risk: High
Application: ssh
Port: 22
Protocol: tcp
ScriptID: 100584
Overview:
OpenSSH is prone to a vulnerability that allows attackers to hijack
forwarded X connections.
Successfully exploiting this issue may allow an attacker run arbitrary
shell commands with the privileges
2014 Oct 20
0
AST-2014-011: Asterisk Susceptibility to POODLE Vulnerability
Asterisk Project Security Advisory - AST-2014-011
Product Asterisk
Summary Asterisk Susceptibility to POODLE Vulnerability
Nature of Advisory Unauthorized Data Disclosure
Susceptibility Remote Unauthenticated Sessions
Severity Medium