Hack Talk
There was a HOLE here. It's gone now.

Sun, 24 Sep 2017 14:15:25 +0200

Upcoming Workshop: WebVR Authoring: Opportunities and Challenges
    21 Sep 2017 | 15:06 from W3C News

W3C announced today WebVR Authoring: Opportunities and Challenges Workshop, 5-7 December 2017, in Brussels, Belgium. The event is hosted by DigitYser. The primary goal of the workshop is to bring together WebVR stakeholders to identify unexploited opportunities as well as technical gaps in WebVR authoring. Participants in the workshop will: Share good practices and novel […]


W3C Invites Implementations of Core Accessibility API Mappings 1.1
    21 Sep 2017 | 11:26 from W3C News

Core Accessibility API Mappings (Core-AAM) 1.1 has been published by Accessible Rich Internet Applications (ARIA) Working Group as a Candidate Recommendation and is now undergoing implementation finalization and testing. Core-AAM describes how roles, states, and properties in Accessible Rich Internet Applications (WAI-ARIA) 1.1 should be exposed to accessibility APIs. Implementation of this specification makes it […]


Free Software Directory meeting recap for September 15th, 2017
    20 Sep 2017 | 23:33 from FSF blogs

Check out the great work our volunteers accomplished at the last Free Software Directory meeting.


APPLE-SA-2017-09-19-1 iOS 11
    20 Sep 2017 | 09:20 from Bugtraq

Posted by Apple Product Security on Sep 20

APPLE-SA-2017-09-19-1 iOS 11

iOS 11 is now available and addresses the following:

Exchange ActiveSync
Available for: iPhone 5s and later, iPad Air and later,
and iPod touch 6th generation
Impact: An attacker in a privileged network position may be able to
erase a device during Exchange account setup
Description: A validation issue existed in AutoDiscover V1. This
issue was addressed through requiring TLS.
CVE-2017-7088: Ilya Nesterov, Maxim...

LibrePlanet 2018: Let's talk about Freedom. Embedded.
    19 Sep 2017 | 22:06 from FSF blogs

Here at the Free Software Foundation, we've been planning for LibrePlanet 2018, and guess what? It's the tenth anniversary of this free software community conference, and it's happening March 24th-25th, 2018 in the Boston area!


Friday Free Software Directory IRC meetup: September 22nd starting at 12:00 p.m. EDT/16:00 UTC
    19 Sep 2017 | 16:41 from FSF blogs

Join the FSF and friends Friday, September 22nd, from 12:00 p.m. to 3 p.m. EDT (16:00 to 19:00 UTC) to help improve the Free Software Directory, with this week's theme of CAD and navigation software.


[slackware-security] httpd (SSA:2017-261-01)
    19 Sep 2017 | 10:31 from Bugtraq

Posted by Slackware Security Team on Sep 19

[slackware-security] httpd (SSA:2017-261-01)

New httpd packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1,
14.2, and -current to fix a security issue.

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages/httpd-2.4.27-i586-2_slack14.2.txz: Rebuilt.
This update patches a security issue ("Optionsbleed") with the OPTIONS http
method which may leak arbitrary pieces of...

[slackware-security] libgcrypt (SSA:2017-261-02)
    19 Sep 2017 | 10:18 from Bugtraq

Posted by Slackware Security Team on Sep 19

[slackware-security] libgcrypt (SSA:2017-261-02)

New libgcrypt packages are available for Slackware 14.2 and -current to
fix a security issue.

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages/libgcrypt-1.7.9-i586-1_slack14.2.txz: Upgraded.
Mitigate a local side-channel attack on Curve25519 dubbed "May
the Fourth be With You".
For more information, see:...

[slackware-security] ruby (SSA:2017-261-03)
    19 Sep 2017 | 10:07 from Bugtraq

Posted by Slackware Security Team on Sep 19

[slackware-security] ruby (SSA:2017-261-03)

New ruby packages are available for Slackware 14.2 and -current to
fix security issues.

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages/ruby-2.2.8-i586-1_slack14.2.txz: Upgraded.
This release includes several security fixes.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0898...

Watchguard Fireware OS DOS & Stored XSS
    19 Sep 2017 | 09:52 from Bugtraq

Posted by David Fernandez on Sep 19

Watchguard’s Firebox and XTM are a series of enterprise grade network
security appliances providing advanced security services like next
generation firewall, intrusion prevention, malware detection and
blockage and others. Two vulnerabilities were discovered affecting the
XML-RPC interface of the Web UI used to manage Fireware OS, the
operating system running on Watchguard Firebox and XTM appliances. To
exploit any of the flaws discovered, no...

[SECURITY] [DSA 3978-1] gdk-pixbuf security update
    19 Sep 2017 | 09:39 from Bugtraq

Posted by Moritz Muehlenhoff on Sep 19

-------------------------------------------------------------------------
Debian Security Advisory DSA-3978-1 security@debian.org
https://www.debian.org/security/ Moritz Muehlenhoff
September 18, 2017 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : gdk-pixbuf
CVE ID : CVE-2017-2862
Debian Bug :...

ZK Time_Web Software 2.0 - Broken Authentication
    18 Sep 2017 | 18:04 from Bugtraq

Posted by Arvind Vishwakarma on Sep 18

Vulnerability Type: Broken Authentication
Vendor of Product: ZKTeco
Affected Product Code Base: ZKTime Web - 2.0.1.12280
Affected Component: ZK Time Web Interface Management.
Attack Type: Local - Unauthenticated
Impact: Information Disclosure
------------------------------------------
Product description:
ZKTime Web 2.0 is a cutting edge Web-based Time Attendance software,
which provided a stable communication for devices through GPRS/WAN,
hence,...

ZKTime_Web Software 2.0 - Cross Site Request Forgery
    18 Sep 2017 | 17:50 from Bugtraq

Posted by Arvind Vishwakarma on Sep 18

Vulnerability Type: Cross Site Request Forgery (CSRF)
Vendor of Product: ZKTeco
Affected Product Code Base: ZKTime Web - 2.0.1.12280
Affected Component: ZK Time Web Interface Management.
Attack Type: Local - Authenticated
Impact: Escalation of Privileges
------------------------------------------
Product description:
ZKTime Web 2.0 is a cutting edge Web-based Time Attendance software,
which provided a stable communication for devices through...

Encrypted Media Extensions (EME) is a W3C Recommendation
    18 Sep 2017 | 14:58 from W3C News

The HTML Media Extensions Working Group published Encrypted Media Extensions (EME) as a W3C Recommendation today. Encrypted Media Extensions (EME), which extends the ‘HTMLMediaElement’ element of the HTML specification, is an Application Programming Interface (API) that allows playback of protected content in Web browsers. Combined with W3C’s Recommendation Media Source Extensions (MSE) which provides the […]


[SECURITY] [DSA 3976-1] freexl security update
    18 Sep 2017 | 10:00 from Bugtraq

Posted by Salvatore Bonaccorso on Sep 18

-------------------------------------------------------------------------
Debian Security Advisory DSA-3976-1 security@debian.org
https://www.debian.org/security/ Salvatore Bonaccorso
September 17, 2017 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : freexl
CVE ID : CVE-2017-2923 CVE-2017-2924
Debian...

[slackware-security] kernel (SSA:2017-258-02)
    18 Sep 2017 | 09:48 from Bugtraq

Posted by Slackware Security Team on Sep 18

[slackware-security] kernel (SSA:2017-258-02)

New kernel packages are available for Slackware 14.1, 14.2, and -current to
fix a security issue.

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages/linux-4.4.88/*: Upgraded.
This update fixes the security vulnerability known as "BlueBorne".
The native Bluetooth stack in the Linux Kernel (BlueZ), starting at
Linux kernel version...

[SECURITY] [DSA 3975-1] emacs25 security update
    18 Sep 2017 | 09:35 from Bugtraq

Posted by Moritz Muehlenhoff on Sep 18

-------------------------------------------------------------------------
Debian Security Advisory DSA-3975-1 security@debian.org
https://www.debian.org/security/ Moritz Muehlenhoff
September 15, 2017 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : emacs25
CVE ID : CVE-2017-14482

Charles A. Roelli...

Web Commerce Interest Group Rechartered with New Mission
    15 Sep 2017 | 17:25 from W3C News

W3C has just rechartered the Web Commerce Interest Group to improve Commerce on the Web for users, merchants, and other stakeholders. This charter represents the next iteration of the Web Payments Interest Group. Changes to the charter reflect the broader scope of Interest Group discussions that have been taking place over the past year, including […]


First Public Working Drafts: WoT Architecture; WoT Thing Description; WoT Scripting API
    15 Sep 2017 | 05:14 from W3C News

The Web of Things (WoT) Working Group has published the following three First Public Working Drafts: Web of Things (WoT) Architecture: This document describes the abstract architecture for the W3C Web of Things, which consists of three initial building blocks, i.e., (1) WoT Thing Description, (2) WoT Scripting API and (3) WoT Binding Templates. Web […]


Friday Free Software Directory IRC meetup: September 15th starting at 12:00 p.m. EDT/16:00 UTC
    14 Sep 2017 | 21:12 from FSF blogs

Join the FSF and friends Friday, September 15th, from 12:00 p.m. to 3 p.m. EDT (16:00 to 19:00 UTC) to help improve the Free Software Directory, with this week's theme of adding new entries to the Directory.