Mandrake Linux Security Update Advisory - SGI developers discovered a remote DoS (Denial of Service) condition in the NFS statd server. rpc.statd did not ignore the SIGPIPE signal which would cause it to shutdown if a misconfigured or malicious peer terminated the TCP connection prematurely.

Mandrake Linux Security Update Advisory - Herbert Xu discovered that iproute can accept spoofed messages sent via the kernel netlink interface by other users on the local machine. This could lead to a local Denial of Service attack.

Mandrake Linux Security Update Advisory - Javier Fernandez-Sanguino Pena discovered two vulnerabilities in scripts included with the vim editor. The two scripts, tcltags and vimspell.sh created temporary files in an insecure manner which could allow a malicious user to execute a symbolic link attack or to create, or overwrite, arbitrary files with the privileges of the user invoking the scripts.

Secunia Security Advisory - Mandrake has issued an update for hylafax. This fixes some vulnerabilities, which can be exploited by malicious people to bypass certain security restrictions and by malicious users to compromise a vulnerable system.

Technical Cyber Security Alert TA07-059A - A worm is exploiting a vulnerability in the telnet daemon (in.telnetd) on unpatched Sun Solaris systems. The vulnerability allows the worm (or any attacker) to log in via telnet (23/tcp) with elevated privileges.

Technical Cyber Security Alert TA09-088A - US-CERT is aware of public reports indicating a widespread infection of the Conficker worm, which can infect a Microsoft Windows system from a thumb drive, a network share, or directly across a network if the host is not patched with MS08-067.

Linux Security Checklist is a perl script that audits a given Linux host and provides recommendations for security enhancements.

HP Security Bulletin - A potential security vulnerability has been identified in the Aries PA-RISC emulation software running on HP-UX IA-64 platforms only. This vulnerability may allow local unauthorized access.

Ubuntu Security Notice USN-715-1 - Hugo Dias discovered that the ATM subsystem did not correctly manage socket counts. It was discovered that the inotify subsystem contained watch removal race conditions. Dann Frazier discovered that in certain situations sendmsg did not correctly release allocated memory. Helge Deller discovered that PA-RISC stack unwinding was not handled correctly. It was discovered that the ATA subsystem did not correctly set timeouts. It was discovered that the ib700 watchdog timer did not correctly check buffer sizes.

Secunia Security Advisory - SUSE has issued an updated for libtiff. This fixes multiple vulnerabilities, which can be exploited by malicious people to compromise a user's system.

Secunia Security Advisory - SUSE has issued an update for WebYaST and SUSE Studio Standard Edition. This fixes a vulnerability, which can be exploited by malicious people to manipulate certain data.

Secunia Security Advisory - SUSE has issued an update for java-1_7_0-openjdk. This fixes two vulnerabilities, which can be exploited by malicious people to compromise a user's system.

Secunia Security Advisory - SUSE has issued an update for chromium. This fixes multiple vulnerabilities, where some have an unknown impact and others can be exploited by malicious people to bypass certain security restrictions and compromise a user's system.

Secunia Security Advisory - SUSE has issued an update for virtualbox. This fixes a vulnerability, which can be exploited by malicious, local users to perform certain actions with escalated privileges.

Secunia Security Advisory - SUSE has issued an update for libupnp. This fixes three vulnerabilities, which can be exploited by malicious people to compromise an application using the library.

Secunia Security Advisory - SUSE has issued an update for apache2. This fixes two weaknesses, a security issue, and a vulnerability, which can be exploited by malicious, local users to gain escalated privileges and by malicious people to bypass certain security restrictions and conduct cross-site scripting attacks.

Secunia Security Advisory - SUSE has issued an update for apache2. This fixes a vulnerability, which can be exploited by malicious people to conduct cross-site scripting attacks.

Secunia Security Advisory - SUSE has issued an update for v8. This fixes two vulnerabilities, which can be exploited by malicious people to compromise an application using the library.

Secunia Security Advisory - SUSE has issued an update for kernel. This fixes a vulnerability, which can be exploited by malicious, local users to perform certain actions with escalated privileges.

Secunia Security Advisory - SUSE has issued an update for MySQL. This fixes multiple vulnerabilities, which can be exploited by malicious users to compromise a vulnerable system and by malicious people to conduct brute force attacks.

Secunia Security Advisory - SUSE has issued an update for gnutls. This fixes a vulnerability, which can be exploited by malicious people to potentially cause a DoS (Denial of Service) in an application using the library.

Secunia Security Advisory - SUSE has issued an update for opera. This fixes multiple vulnerabilities, where one has an unknown impact and others can be exploited by malicious people to compromise a user's system.

Secunia Security Advisory - SUSE has issued an update for opera. This fixes a vulnerability with an unknown impact.

Secunia Security Advisory - SUSE has issued an update for flash-player. This fixes two vulnerabilities, which can be exploited by malicious people to compromise a user's system.

Secunia Security Advisory - SUSE has issued an update for wireshark. This fixes multiple vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a vulnerable system.

Secunia Security Advisory - SUSE has issued an update for libvirt. This fixes a vulnerability, which can be exploited by malicious people to potentially compromise a vulnerable system.

Secunia Security Advisory - SUSE has issued an update for samba. This fixes a vulnerability, which can be exploited by malicious people to conduct clickjacking attacks.

Secunia Security Advisory - SUSE has issued an update for libvirt. This fixes two vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a vulnerable system.

Secunia Security Advisory - SUSE has issued an update for ruby on rails. This fixes multiple vulnerabilities, which can be exploited by malicious people to conduct SQL injection attacks and to compromise a vulnerable system.

Mandriva Linux Security Advisory 2015-046 - Stephen Roettger of the Google Security Team, Sebastian Krahmer of the SUSE Security Team and Harlan Stenn of Network Time Foundation discovered that the length value in extension fields is not properly validated in several code paths in ntp_crypto.c, which could lead to information leakage or denial of service. Stephen Roettger of the Google Security Team reported that ACLs based on IPv6 ::1 addresses can be bypassed.

Mandriva Linux Security Advisory 2015-140 - If no authentication key is defined in the ntp.conf file, a cryptographically-weak default key is generated. ntp-keygen before 4.2.7p230 uses a non-cryptographic random number generator with a weak seed to generate symmetric keys. A remote unauthenticated attacker may craft special packets that trigger buffer overflows in the ntpd functions crypto_recv() (when using autokey authentication), ctl_putdata(), and configure(). The resulting buffer overflows may be exploited to allow arbitrary malicious code to be executed with the privilege of the ntpd process. A section of code in ntpd handling a rare error is missing a return statement, therefore processing did not stop when the error was encountered. This situation may be exploitable by an attacker. Stephen Roettger of the Google Security Team, Sebastian Krahmer of the SUSE Security Team and Harlan Stenn of Network Time Foundation discovered that the length value in extension fields is not properly validated in several code paths in ntp_crypto.c, which could lead to information leakage or denial of service. Stephen Roettger of the Google Security Team reported that ACLs based on IPv6 ::1 addresses can be bypassed. The ntp package has been patched to fix these issues.

HP Security Bulletin - A potential vulnerability has been identified with Openview Network Node Manager (OV NNM). This vulnerability could be exploited remotely by an unauthorized user to gain privileged access. Affected versions: Openview Network Node Manager (OV NNM) 6.2, 6.4, 7.01, 7.50 running on HP-UX, Solaris, Windows NT, Windows 2000, Windows XP, and Linux.

Debian Security Advisory DSA 830-1 - Drew Parsons noticed that the post-installation script of ntlmaps, an NTLM authorization proxy server, changes the permissions of the configuration file to be world-readable. It contains the user name and password of the Windows NT system that ntlmaps connects to and, hence, leaks them to local users.

Cisco Security Advisory - Multiple vulnerabilities exist in the Cisco ASA 5500 Series Adaptive Security Appliances and Cisco PIX Security Appliances. These include Windows NT domain authentication bypass, IPv6 denial of service, and a Crypto Accelerator memory leak.

In a previous article, I had a conversation with former-CIA chief Jim Woolsey to discuss one of America’s greatest national security vulnerabilities, its power grid. The issues that Woolsey has been concerned with for over a decade has been the ease in which a terrorist group or other actor (think North Korea for example) could attack the grid and plunge the country into darkness for months, if not years. And if that seems far-fetched, just recall how a tree limb fell in Ohio in 2003 and blacked out the entire Northeast and part of Canada for several days.

Energy is Europe’s quiet crisis. While the clamour of failing economies, desperate migrants and political clashes grabs the headlines, energy policy is rarely front-page news, but it should be — the statistics are shocking.

European Union governments and the bloc’s executive arm are splitting over how to guarantee electricity supply as the region builds more renewable power.

The Lebanese military is commended for its commitment to peace in light of its vast security obligations, a UNIFIL official said Wednesday.

'This was an attack that goes against all codes, even in war. This is an attack that cannot be done.'