Hack Talk
There was a HOLE here. It's gone now.

Sun, 19 Nov 2017 20:37:02 +0100

W3C Strategic Highlights – November 2017
    17 Nov 2017 | 11:58 from W3C News

W3C released today its W3C Strategic Highlights – November 2017, a comprehensive survey of the essential work W3C conducts to achieve a Web for All, and select recent work in many areas where the Web can solve arising problems for real people. A strong emphasis in this report is on the core of the Web […]


[security bulletin] HPESBMU03794 rev.1 - HPE Insight Control, Multiple Remote Vulnerabilities
    17 Nov 2017 | 09:59 from Bugtraq

Posted by security-alert on Nov 17

Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbmu03794en_us

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: hpesbmu03794en_us
Version: 1

HPESBMU03794 rev.1 - HPE Insight Control, Multiple Remote Vulnerabilities

NOTICE: The information in this Security Bulletin should be acted upon as
soon as possible.

Release Date: 2017-11-15
Last Updated:...

[security bulletin] HPESBMU03795 rev.1 - HPE Matrix Operating Environment, Multiple Remote Vulnerabilities
    17 Nov 2017 | 09:53 from Bugtraq

Posted by security-alert on Nov 17

Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbmu03795en_us

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: hpesbmu03795en_us
Version: 1

HPESBMU03795 rev.1 - HPE Matrix Operating Environment, Multiple Remote
Vulnerabilities

NOTICE: The information in this Security Bulletin should be acted upon as
soon as possible.

Release Date: 2017-11-15...

[SECURITY] [DSA 4037-1] jackson-databind security update
    17 Nov 2017 | 09:41 from Bugtraq

Posted by Sebastien Delafond on Nov 17

-------------------------------------------------------------------------
Debian Security Advisory DSA-4037-1 security () debian org
https://www.debian.org/security/ Sebastien Delafond
November 16, 2017 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : jackson-databind
CVE ID : CVE-2017-15095

It was...

[SECURITY] [DSA 4039-1] opensaml2 security update
    17 Nov 2017 | 09:26 from Bugtraq

Posted by Salvatore Bonaccorso on Nov 17

-------------------------------------------------------------------------
Debian Security Advisory DSA-4039-1 security () debian org
https://www.debian.org/security/ Salvatore Bonaccorso
November 16, 2017 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : opensaml2
CVE ID : CVE-2017-16853
Debian Bug :...

[security bulletin] HPESBHF03705 rev.4 - HPE Integrated Lights-Out 4, 3, 2 and Moonshot Remote Console Administrator (iLO 4 and MRCA) Remote Disclosure of Information
    17 Nov 2017 | 03:42 from Bugtraq

Posted by security-alert on Nov 16

Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-HPESBHF03705en_us

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: HPESBHF03705en_us
Version: 4

HPESBHF03705 rev.4 - HPE Integrated Lights-Out 4, 3, 2 and Moonshot Remote
Console Administrator (iLO 4 and MRCA) Remote Disclosure of Information

NOTICE: The information in this Security Bulletin should be...

FreeBSD Security Advisory FreeBSD-SA-17:10.kldstat
    17 Nov 2017 | 03:36 from Bugtraq

Posted by FreeBSD Security Advisories on Nov 16

=============================================================================
FreeBSD-SA-17:10.kldstat Security Advisory
The FreeBSD Project

Topic: Information leak in kldstat(2)

Category: core
Module: kernel
Announced: 2017-11-15
Credits: TJ Corley
Affects: All supported versions of FreeBSD.
Corrected:...

FreeBSD Security Advisory FreeBSD-SA-17:09.shm
    17 Nov 2017 | 03:31 from Bugtraq

Posted by FreeBSD Security Advisories on Nov 16

=============================================================================
FreeBSD-SA-17:09.shm Security Advisory
The FreeBSD Project

Topic: POSIX shm allows jails to access global namespace

Category: core
Module: shm
Announced: 2017-11-15
Credits: Whitewinterwolf
Affects: FreeBSD 10.x
Corrected:...

FreeBSD Security Advisory FreeBSD-SA-17:08.ptrace
    17 Nov 2017 | 03:25 from Bugtraq

Posted by FreeBSD Security Advisories on Nov 16

=============================================================================
FreeBSD-SA-17:08.ptrace Security Advisory
The FreeBSD Project

Topic: Kernel data leak via ptrace(PT_LWPINFO)

Category: core
Module: ptrace
Announced: 2017-11-15
Credits: John Baldwin
Affects: All supported versions of FreeBSD....

[SECURITY] [DSA 4036-1] mediawiki security update
    17 Nov 2017 | 03:19 from Bugtraq

Posted by Moritz Muehlenhoff on Nov 16

-------------------------------------------------------------------------
Debian Security Advisory DSA-4036-1 security () debian org
https://www.debian.org/security/ Moritz Muehlenhoff
November 15, 2017 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : mediawiki
CVE ID : CVE-2017-8808 CVE-2017-8809...

[SECURITY] [DSA 4035-1] firefox-esr security update
    17 Nov 2017 | 03:12 from Bugtraq

Posted by Moritz Muehlenhoff on Nov 16

-------------------------------------------------------------------------
Debian Security Advisory DSA-4035-1 security () debian org
https://www.debian.org/security/ Moritz Muehlenhoff
November 15, 2017 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : firefox-esr
CVE ID : CVE-2017-7826 CVE-2017-7828...

Call for papers - WorldCIST'18 - Naples, Italy - Extended deadline: November 26
    17 Nov 2017 | 03:05 from Bugtraq

Posted by Maria Lemos on Nov 16

* Proceedings by Springer

** Extended versions of best selected papers will be published in JCR/SCI/SSCI journals

---------------------------------------------------------------------------------------------------
WorldCist'18 - 6th World Conference on Information Systems and Technologies
Naples, Italy, 27 - 29 March 2018
http://www.worldcist.org/...

Upcoming Workshop: Web5G: Aligning evolutions of network and Web technologies
    16 Nov 2017 | 14:30 from W3C News

W3C announced today Web5G: Aligning evolutions of network and Web technologies Workshop, January 22-23 2018, in London, UK. The event is hosted by GSMA. The primary goal of the workshop is to bring together telecommunications operators, network equipment providers, content delivery networks, browser vendors, and application developers to evaluate and prepare for the impact of […]


Call for Review: Indexed Database API 2.0 is a W3C Proposed Recommendation
    16 Nov 2017 | 07:21 from W3C News

The Web Platform Working Group has published a Proposed Recommendation of Indexed Database API 2.0. This document defines APIs for a database of records holding simple values and hierarchical objects. Each record consists of a key and some value. Moreover, the database maintains indexes over records it stores. An application developer directly uses an API […]


CA20171114-01: Security Notice for CA Identity Governance
    16 Nov 2017 | 04:41 from Bugtraq

Posted by Kotas, Kevin J on Nov 15

CA20171114-01: Security Notice for CA Identity Governance

Issued: November 14, 2017
Last Updated: November 14, 2017

CA Technologies support is alerting customers to a potential risk
with CA Identity Governance. A vulnerability exists that can
potentially allow a malicious actor to conduct cross-site scripting
attacks. CA published a solution to resolve the issue.

The vulnerability, CVE-2017-9394, occurs due to insufficient input
validation...

[SECURITY] [DSA 4033-1] konversation security update
    15 Nov 2017 | 01:58 from Bugtraq

Posted by Salvatore Bonaccorso on Nov 14

-------------------------------------------------------------------------
Debian Security Advisory DSA-4033-1 security () debian org
https://www.debian.org/security/ Salvatore Bonaccorso
November 13, 2017 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : konversation
CVE ID : CVE-2017-15923
Debian Bug...

[CVE-2017-15288] A privilege escalation vulnerability in the Scala compilation daemon
    15 Nov 2017 | 01:52 from Bugtraq

Posted by jason . zaugg on Nov 14

A privilege escalation vulnerability has been identified in the Scala compilation daemon.

The compile daemon is started explicitly by the `fsc` command, or implicitly by executing
a Scala source file as a script (e.g. `scala MyScript.scala`). Note: Using the `scala`
command to start a REPL or to run a pre-compiled class does not start the compile daemon.

# Impact

While the compile daemon is running, an attacker with local access to the machine...

Symantec Endpoint Protection (SEP) v12.1 Tamper-protection Bypass CVE-2017-6331 (hyp3rlinx)
    14 Nov 2017 | 05:26 from Bugtraq

Posted by apparitionsec on Nov 13

[+] Credits: John Page a.k.a hyp3rlinx
[+] Website: hyp3rlinx.altervista.org
[+] Source:
http://hyp3rlinx.altervista.org/advisories/CVE-2017-6331-SYMANTEC-ENDPOINT-PROTECTION-TAMPER-PROTECTION-BYPASS.txt
[+] ISR: ApparitionSec

Vendor:
=======
www.symantec.com

Product:
===========
Symantec Endpoint Protection
v12.1.6 (12.1 RU6 MP5)
Symantec 12.1.7004.6500

Vulnerability Type:
===================
Tamper-Protection Bypass
Denial...

Faraday v2.7: Collaborative Penetration Test & Vulnerability Management Platform
    14 Nov 2017 | 01:27 from Penetration Testing

Posted by Francisco Amato on Nov 13

Faraday is the Integrated Multiuser Risk Environment you have always
been looking for! It maps and leverages all the data you generate in
real time, letting you track and understand your audits. Our dashboard
for CISOs and managers uncovers the risks and impacts and risks being
assessed by the audit in real-time without a single email. Developed
with a specialized set of functionalities that helps users improve
their own work, the main purpose is...

Friday Free Software Directory IRC meetup: November 17th starting at 12:00 p.m. EST/17:00 UTC
    13 Nov 2017 | 20:33 from FSF blogs

Join the FSF and friends Friday, November 17th, from 12:00 p.m. to 3 p.m. EST (17:00 to 20:00 UTC) to help improve the Free Software Directory, with this week's theme of computer mice.