libcURL multiple vulnerabilities
Friday, 09 January 2015 15:52

Two (2) vulnerabilities have been patched in libcurl. libcurl versions >= 7.40.0 are not affected.

CVE-2014-8151: libcurl/darwinssl certificate check bypass, affecting libcurl 7.31.0 up to and including 7.39.0
Due to overly aggressive session re-use, a connection established with the certificate check disabled can be wrongly re-used even after the certificate check has been enabled again, in a case where the certificate should be rejected.
Patch with CVE-2014-8151.patch

CVE-2014-8150: URL request injection vulnerability, affecting curl 6.0 up to and including 7.39.0
libcurl did not reject carriage returns or line feeds embedded in the URL, which could allow request or header injection when communicating through an HTTP proxy.
Patch with CVE-2014-8150.patch

WordPress Cforms: file upload
Friday, 09 January 2015 15:51

Cforms 14.7 and earlier are vulnerable to unauthorised file upload. Contact forms that were created without a file upload box are affected. The file lib_nonajax.php accepts files with any extension, which could lead to remote code execution.
It is advised to update to 14.8 from the original distributor.

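Debian critical vulnerabilities
Thursday, 08 January 2015 16:10

Vulnerabilities have been identified in the following Debian applications, and Debian has released patches: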
DSA-3120-1 mantis -- security update
DSA-3119-1 libevent -- security update

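Apache Traffic Server HttpTransact flaw
Wednesday, 07 January 2015 17:13

A vulnerability has been identified in Apache Traffic Server. A remote user can cause a denial-of-service condition. The advisory recommends updating.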

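Xen hvm_domain_relinquish_resources() use-after-free vulnerability
Wednesday, 07 January 2015 17:13

A vulnerability has been identified in Xen. A local user can cause a denial-of-service condition on the host system. The advisory recommends updating.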
