Hack Talk
It's like the Internet without all the smart people

Fri, 20 Jan 2017 06:38:04 +0100

Friday Game Night Free Software Directory IRC meetup: January 20th starting at 12 p.m. EST/17:00 UTC
    19 Jan 2017 | 16:51 from FSF's blog

Join the FSF and friends Friday, January 20th, from 12 p.m. to 3 p.m. EST (17:00 to 20:00 UTC) to help improve the Free Software Directory (FSD), with this week's theme of games.


Free Software Directory meeting recap for January 13th, 2017
    19 Jan 2017 | 15:52 from FSF's blog

Check out the great work our volunteers accomplished at the last Free Software Directory meeting.


Novel Contributions to the field - How I broke MySQL's code-base (Part 2) [CVE-2016-5541] MySQL cluster remote 0day
    19 Jan 2017 | 08:45 from Bugtraq

Posted by Nicholas Lemonias on Jan 18

************************************************************************************
* Copyright (c) 2017, Advanced Information Security Corp / Oracle Inc.             *
************************************************************************************

ABSTRACT
===========

This industry-led...

Novel Contributions to the Field - How I broke MySQL's codebase (Part 2) [CVE-2016-5541] MySQL Cluster 0day
    19 Jan 2017 | 08:37 from Bugtraq

Posted by lem . nikolas on Jan 18

**************************************************
(c) 2017 Advanced Information Security Corporation and Oracle Inc.

**************************************************

Author: Nicholas Lemonias
Date: 17/01/2017

MySQL Remote 0day / Remote Buffer Overflows in 'NDBAPI' Cluster

Full report with technical details can be obtained from:

https://www.docdroid.net/hwLnQVr/cve-2016-5541.pdf.html

(References)

[1] Oracle Critical...

[RCESEC-2016-012] Mattermost <= 3.5.1 "/error" Unauthenticated Reflected Cross-Site Scripting / Content Injection
    19 Jan 2017 | 08:29 from Bugtraq

Posted by Julien Ahrens on Jan 18

RCE Security Advisory
https://www.rcesecurity.com

1. ADVISORY INFORMATION
=======================
Product: Mattermost
Vendor URL: www.mattermost.org
Type: Cross-site Scripting [CWE-79]
Date found: 02/12/2016
Date published: 16/01/2017
CVSSv3 Score: 4.7 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N)
CVE: -

2. CREDITS
==========
This vulnerability was discovered and researched by Julien Ahrens from
RCE...

[security bulletin] HPSBMU03685 rev.1 - HPE Insight Control server provisioning (ICsp), Multiple Remote Vulnerabilities
    19 Jan 2017 | 08:19 from Bugtraq

Posted by security-alert on Jan 18

Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05376917

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c05376917
Version: 1

HPSBMU03685 rev.1 - HPE Insight Control server provisioning (ICsp), Multiple
Remote Vulnerabilities

NOTICE: The information in this Security Bulletin should be acted upon as
soon as possible.

Release Date: 2017-01-18
Last...

ESA-2016-161: EMC Isilon OneFS LDAP Injection Vulnerability
    18 Jan 2017 | 16:59 from Bugtraq

Posted by EMC Product Security Response Center on Jan 18

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

ESA-2016-161: EMC Isilon OneFS LDAP Injection Vulnerability

EMC Identifier: ESA-2016-161

CVE Identifier: CVE-2016-9870

Severity Rating: CVSS v3 Base Score: 6.0 (AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N)

Affected products:
• EMC Isilon OneFS 8.0.0.0
• EMC Isilon OneFS 7.2.1.0 - 7.2.1.2
• EMC Isilon OneFS 7.2.0.x
• EMC Isilon OneFS 7.1.1.0 - 7.1.1.10
• EMC Isilon...

ESA-2016-143: EMC Documentum Webtop and Clients Stored Cross-Site Scripting Vulnerability
    18 Jan 2017 | 16:49 from Bugtraq

Posted by EMC Product Security Response Center on Jan 18

ESA-2016-143: EMC Documentum Webtop and Clients Stored Cross-Site Scripting Vulnerability

EMC Identifier: ESA-2016-143
CVE Identifier: CVE-2016-8213
Severity Rating: CVSS v3 Base Score: 6.5 (AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L)

Affected products:
• EMC Documentum Webtop –
o Version 6.8, prior to P18
o Version 6.8.1, prior to P06
• EMC Documentum TaskSpace version 6.7SP3, prior to P02
• EMC Documentum Capital...

Proposed Recommendations published for Web Annotation
    17 Jan 2017 | 21:56 from W3C News

The Web Annotation Working Group has published a Proposed Recommendation for three documents: Web Annotation Data Model: This specification describes a structured model and format, in JSON, to enable annotations to be shared and reused across different hardware and software platforms. Common use cases can be modeled in a manner that is simple and convenient, […]


Proposed Recommendations published for XQuery WG and XSLT WG
    17 Jan 2017 | 21:56 from W3C News

The XML Query Working Group and XSLT Working Group have published a Proposed Recommendation for four documents: XQuery and XPath Data Model 3.1: This document defines the XQuery and XPath Data Model 3.1, which is the data model of XML Path Language (XPath) 3.1, XSL Transformations (XSLT) Version 3.0, and XQuery 3.1: An XML Query […]


Proposed Recommendations published for XQuery WG
    17 Jan 2017 | 21:56 from W3C News

The XML Query Working Group has published a Proposed Recommendation for two documents: XQuery 3.1: An XML Query Language: XML is a versatile markup language, capable of labeling the information content of diverse data sources including structured and semi-structured documents, relational databases, and object repositories. A query language that uses the structure of XML intelligently […]


Computing is changing -- so is the FSF's High Priority Projects List
    17 Jan 2017 | 18:02 from FSF's blog

In response to the changing computing landscape, and with extensive input from the free software community, the Free Software Foundation updated its High Priority Free Software Projects (HPP) list with six new project areas that need your support.


[SECURITY] CVE-2016-8748: Apache NiFi XSS vulnerability in connection details dialogue
    16 Jan 2017 | 20:32 from Bugtraq

Posted by Joe Witt on Jan 16

CVE-2016-8748: Apache NiFi XSS vulnerability in connection details dialogue

Severity: Moderate

Vendor: The Apache Software Foundation

Versions Affected:
Apache NiFi 1.0.0
Apache NiFi 1.1.0

Description: There is a cross-site scripting vulnerability in the
connection details dialog when accessed by an authorized user. The
user-supplied text was not properly handled when added to the DOM.

Mitigation:
1.0.0 users should upgrade to 1.0.1 or 1.1.1....

[SECURITY] [DSA 3743-2] python-bottle regression update
    16 Jan 2017 | 09:51 from Bugtraq

Posted by Sebastien Delafond on Jan 16

-------------------------------------------------------------------------
Debian Security Advisory DSA-3743-2 security () debian org
https://www.debian.org/security/ Sebastien Delafond
January 15, 2017 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : python-bottle
Debian Bug : 850176

The update for...

[SECURITY] [DSA 3765-1] icoutils security update
    16 Jan 2017 | 09:45 from Bugtraq

Posted by Salvatore Bonaccorso on Jan 16

-------------------------------------------------------------------------
Debian Security Advisory DSA-3765-1 security () debian org
https://www.debian.org/security/ Salvatore Bonaccorso
January 14, 2017 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : icoutils
CVE ID : CVE-2017-5331 CVE-2017-5332...

[security bulletin] HPSBGN03689 rev.1 - HPE Diagnostics, Remote Cross-Site Scripting and Click Jacking
    16 Jan 2017 | 09:36 from Bugtraq

Posted by security-alert on Jan 16

Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05370100

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c05370100
Version: 1

HPSBGN03689 rev.1 - HPE Diagnostics, Remote Cross-Site Scripting and Click
Jacking

NOTICE: The information in this Security Bulletin should be acted upon as
soon as possible.

Release Date: 2017-01-13
Last Updated:...

[security bulletin] HPSBST03671 rev.2 - HPE StoreEver MSL6480 Tape Library Management Interface, Multiple Remote Vulnerabilities
    16 Jan 2017 | 09:26 from Bugtraq

Posted by security-alert on Jan 16

Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05333297

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c05333297
Version: 2

HPSBST03671 rev.2 - HPE StoreEver MSL6480 Tape Library Management Interface,
Multiple Remote Vulnerabilities

NOTICE: The information in this Security Bulletin should be acted upon as
soon as possible.

Release Date:...

[SECURITY] [DSA 3764-1] pdns security update
    16 Jan 2017 | 09:16 from Bugtraq

Posted by Salvatore Bonaccorso on Jan 16

-------------------------------------------------------------------------
Debian Security Advisory DSA-3764-1 security () debian org
https://www.debian.org/security/ Salvatore Bonaccorso
January 13, 2017 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : pdns
CVE ID : CVE-2016-2120 CVE-2016-7068...

[security bulletin] HPSBGN03694 rev.1 - HPE SiteScope, Remote Disclosure of Information
    13 Jan 2017 | 06:25 from Bugtraq

Posted by security-alert on Jan 12

Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05369403

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c05369403
Version: 1

HPSBGN03694 rev.1 - HPE SiteScope, Remote Disclosure of Information

NOTICE: The information in this Security Bulletin should be acted upon as
soon as possible.

Release Date: 2017-01-12
Last Updated: 2017-01-12

Potential...

Webmention is a W3C Recommendation
    12 Jan 2017 | 19:38 from W3C News

The Social Web Working Group has published a W3C Recommendation of Webmention. A Webmention is a notification that one URL links to another and is a simple way to notify any URL when you mention it on your site. From the receiver’s perspective, it’s a way to request notifications when other sites mention it.