
Vulnerabilities discovered in OpenSSL <0.9.8u and 1.x before 1.0.0h

Multiple vulnerabilities have been found and corrected in OpenSSL: The implementation of Cryptographic Message Syntax (CMS) and PKCS #7 in OpenSSL before 0.9.8u and 1.x before 1.0.0h does not properly restrict certain oracle behavior, which makes it easier for context-dependent attackers to decrypt data via a Million Message Attack (MMA) adaptive chosen ciphertext attack (CVE-2012-0884). […]


Vulnerability discovered in GnuTLS < 2.12.17

A vulnerability has been found and corrected in GnuTLS: gnutls_cipher.c in libgnutls in GnuTLS before 2.12.17 and 3.x before 3.0.15 does not properly handle data encrypted with a block cipher, which allows remote attackers to cause a denial of service (heap memory corruption and application crash) via a crafted record, as demonstrated by a crafted […]


libpng security vulnerability allows execution of arbitrary code

The libpng packages contain a library of functions for creating and manipulating PNG (Portable Network Graphics) image format files. A flaw was discovered in libpng that could result in libpng trying to free() random memory if certain, unlikely error conditions occurred. If a carefully-crafted PNG file was loaded by an application linked against libpng, it […]


Ubuntu Security Advisory USN-1361-1: Linux kernel vulnerabilities

Ubuntu Security Notice USN-1361-1, 13th February, 2012: linux vulnerabilities. A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 10.10. Summary: Several security issues were fixed in the kernel. Software description: linux – Linux kernel. Details: Han-Wen Nienhuys reported a flaw in the FUSE kernel module. A local user who can mount a FUSE […]


Security News From Twitter this week

RT @valdesjo77: OpenSSH from Linux to Windows 7 via tunneled RDP http://t.co/yhAA6FuU via @lethalduck #security #tips #sysadmin

Apache – Multiple Vulnerabilities – affects 2.0.x-2.0.64 and 2.2.x-2.2.21. #unhackable #security http://t.co/d9G2TfWW


Ubuntu Security Advisory: PHP / Upgrades available

A security issue affects these releases of Ubuntu and its derivatives: – Ubuntu 11.10 – Ubuntu 11.04 – Ubuntu 10.10 – Ubuntu 10.04 LTS – Ubuntu 8.04 LTS Summary: USN 1358-1 introduced a regression in PHP. Software Description: – php5: HTML-embedded scripting language interpreter Details: USN 1358-1 fixed multiple vulnerabilities in PHP. The fix for […]


RedHat Security Advisory: RHSA-2012:0107-1 Important: kernel security and bug fix update

Advisory: RHSA-2012:0107-1. Type: Security Advisory. Severity: Important. Issued on: 2012-02-09. Last updated on: 2012-02-09. Affected Products: Red Hat Enterprise Linux (v. 5 server), Red Hat Enterprise Linux Desktop (v. 5 client). CVEs (cve.mitre.org): CVE-2011-3638, CVE-2011-4086, CVE-2011-4127, CVE-2012-0028, CVE-2012-0207. Details: Updated kernel packages that fix multiple security issues and two bugs are now available for Red Hat Enterprise Linux 5. The […]


New PHP5 Vulnerability in php_register_variable_ex() – affects versions <= 5.3.9

Vulnerability ID: CVE-2012-0830 Description: “php_register_variable_ex()” Code Execution Vulnerability Details: A vulnerability has been reported in PHP, which can be exploited by malicious people to compromise a vulnerable system. The irony here is this vulnerability was introduced in a “fix” for another vulnerability (CVE-2011-4885). The vulnerability is caused due to a logic error within the “php_register_variable_ex()” […]


Apache – Multiple Vulnerabilities – affects 2.0.x-2.0.64 and 2.2.x-2.2.21

Several vulnerabilities have been found in the Apache HTTPD Server: CVE-2011-3607: Integer overflow in the ap_pregsub function in server/util.c in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x through 2.2.21, when the mod_setenvif module is enabled, allows local users to gain privileges via a .htaccess file with a crafted SetEnvIf directive, in conjunction with […]
