Tag "vulnerability"

Short-News: Critical Oracle Java 7/8 patch for CVE-2016-0636 (remote code execution)

Oracle has released a critical patch for Java 7/8 that fixes CVE-2016-0636, a remote code execution vulnerability. The patch was released between two normal Oracle Java “Patch-Days”, which should be enough proof that the vulnerability is indeed critical. To quote Oracle: Due to the severity of this vulnerability and the public disclosure of […]

SSLv2 Protocol “DROWN” security flaw – CVE-2016-0800

As announced by the OpenSSL team some days ago, a new fix for several high-severity vulnerabilities has been released. The main vulnerability is called “DROWN” (once again with a fancy logo, of course). Detailed information can be found on www.drownattack.com.

CVSS V2 Base Score: 5.8
Base Metrics: AV:N/AC:M/Au:N/C:P/I:P/A:N
Access Vector: Network
Access Complexity: Medium
Authentication […]

Critical OpenSSL update is live!

Short News: Incoming OpenSSL patch – release of version 1.0.2g/1.0.1s

The upcoming release of new OpenSSL versions has just been announced on the OpenSSL mailing list. As usual with such release pre-notifications, few details are known. These releases will be made available on 1st March 2016 between approximately 1300-1700 UTC. They will fix several security defects with maximum severity “high”. – OpenSSL Announcement Please […]

CVE-2016-2384: arbitrary code execution due to a double-free in the usb-midi Linux kernel driver

CVE-2016-2384 is an interesting vulnerability in the usb-midi Linux kernel driver. There is an extensive blog post on xairy’s GitHub blog. The exploit can be used either for DoS (you’ll need physical access) or to execute code (you’ll need both physical and local access).

CVE-2016-2384
CVSS v2 Base Score: 4.7
Base Metrics: AV:L/AC:M/Au:N/C:N/I:N/A:C
Access Vector: Local […]

Short News: Hacked Linux Mint ISOs

CVE-2015-7547: glibc getaddrinfo stack-based buffer overflow vulnerability

A new vulnerability has been discovered by Google’s Online Security research team. It affects the glibc library and can potentially lead to DoS and code execution. How severe this is for your infrastructure depends on many factors; it is recommended to patch the issue as soon as possible. “Our initial investigations showed that the […]

Did you secure everything this week?