Hackin9
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
 
LinuxSecurity.com:
* New upstream version (3.0.1.2):
  - cups-x2go{,.conf}: port to File::Temp. Use Text::ParseWords to split up the ps2pdf command line correctly. Don't use system() but IPC::Open2::open2(). Capture the ps2pdf program's stdout and write it to the temporary file handle "manually". Should fix problems reported by Jan Bi on IRC.
  - cups-x2go: fix commented out second ps2pdf definition to output PDF data to stdout.
* New upstream version (3.0.1.3):
  - cups-x2go: import tempfile() function from File::Temp module.
  - cups-x2go: only repeat the last X, not the whole ".pdfX" string (or the like.)
  - cups-x2go: actually print "real" executed command instead of the "original" one with placeholders.
  - cups-x2go: read output from ghostscript, don't write a filehandle to the temporary file. Fixes a hanging ghostscript call and... well... random junk, instead of a "real" PDF file.
  - cups-x2go: use parentheses around function arguments.
  - cups-x2go: fix binmode() call, :raw layer is implicit.
  - cups-x2go: fix print call... Does not allow to separate parameters with a comma.
  - cups-x2go: add correct :raw layer to binmode calls.
  - cups-x2go: fix tiny typo.
  - cups-x2go: read data from GS and STDIN in chunks of 8 kbytes, instead of everything at once. Handles large print jobs gracefully.
  - cups-x2go: add parentheses to close() calls.
  - cups-x2go: delete PDF and title temporary files automatically.
  - cups-x2go: unlink PS temporary file on-demand in END block. Also move closelog to END block, because we want to print diagnosis messages in the END block.
  - cups-x2go: don't use unlink() explicitly. Trust File::Temp and our END block to clean up correctly.
  - cups-x2go: there is no continue in perl for stepping forward a loop. Still not. I keep forgetting that. Use next. (Partly) Fixes: #887.
  - cups-x2go: use the same temp file template for PS, PDF and title files. Use appropriate suffixes if necessary when generating PDF and title temp files. (Fully) Fixes: #887.

Update to 3.0.1.1:
- Add a short README that provides some getting started information.
 
LinuxSecurity.com: The 4.0.6 stable update contains a number of important fixes across the tree.
 
LinuxSecurity.com:
Update to 0.163. Hardening fixes. Updated eu-addr2line utility. Various bug fixes. Updated translations.
Update to 0.162. Hardening fixes. Updated eu-addr2line utility. Various bug fixes.
 
LinuxSecurity.com: Security Report Summary
 
LinuxSecurity.com: Fixes for:
CVE-2015-3226: Escape HTML entities in JSON keys.
CVE-2015-3227: XML documents that are too deep can cause a stack overflow, which in turn will cause a potential DoS attack.
 
LinuxSecurity.com: Security fixes for:
* CVE-2015-3315
* CVE-2015-3142
* CVE-2015-1869
* CVE-2015-1870
* CVE-2015-3151
* CVE-2015-3150
* CVE-2015-3159

abrt:
=====
* Move the default dump location from /var/tmp/abrt to /var/spool/abrt
* Use root for owner of all dump directories
* Stop reading hs_error.log from /tmp
* Do not save the system logs by default
* Do not save dmesg if kernel.dmesg_restrict=1

libreport:
==========
* Harden the code against directory traversal, symbolic and hard link attacks
* Fix a bug causing that the first value of AlwaysExcludedElements was ignored
* Fix missing icon for the "Stop" button icon name
* Improve development documentation
* Translations updates

gnome-abrt:
===========
* Use DBus to get problem data for detail dialog
* Fix an error introduced with the details on System page
* Enabled the Details also for the System problems
 
LinuxSecurity.com: Update fixing a minor security issue CVE-2015-3238.
 

Security researchers at ESET in Bratislava, Slovakia have published an analysis of another apparently state-sponsored cyber-espionage tool used to target computers in Iran—and potentially elsewhere. The malware, also recently mentioned by Kaspersky researchers, was named "Dino" by its developers and has been described as a "full featured espionage platform." And this advanced persistent threat malware, according to researchers, might as well come with a "fabriqué en France" stamp on it.

Based on analysis of Dino's code from a sample that infected systems in Iran in 2013, "We believe this malicious software has been developed by the Animal Farm espionage group, who also created the infamous Casper, Bunny and Babar malware," ESET's Joan Calvet wrote in a blog post today. The Casper malware was part of a large-scale attack on Syrian computers last fall. "Dino contains interesting technical features, and also a few hints that the developers are French speaking," Calvet noted.

Other members of the "Animal Farm" malware family have been attributed to French intelligence agencies by researchers—including a 2011 analysis by Canada's Communications Security Establishment revealed by documents leaked by former National Security Agency contractor Edward Snowden. Dino shares attributes with the other members of the "Animal Farm" malware family and improves on many of the techniques of "Babar," the previous generation intelligence-gathering software implant.


 
 
APPLE-SA-2015-06-30-3 Mac EFI Security Update 2015-001
 
APPLE-SA-2015-06-30-2 OS X Yosemite v10.10.4 and Security Update 2015-005
 
APPLE-SA-2015-06-30-1 iOS 8.4
 
APPLE-SA-2015-06-30-4 Safari 8.0.7, Safari 7.1.7, and Safari 6.2.7
 

Bromium Survey Finds Increased Concern About Legacy Solutions and Users ...
SYS-CON Media (press release)
For the survey, more than 125 information security professionals were asked about the greatest risks facing organizations today and the effectiveness of different solutions and architectures. The results show that while concern for end-user risk ...

 
LinuxSecurity.com: Updated kernel packages that fix two security issues and three bugs are now available for Red Hat Enterprise Linux 6.5 Extended Update Support. Red Hat Product Security has rated this update as having Important security [More...]
 
LinuxSecurity.com: Several security issues were fixed in Oxide.
 
LinuxSecurity.com: Apply patch to work around out of bounds bug: BZ 1231871.
 
LinuxSecurity.com:
update to 9.3.9 minor release
update to 9.3.8 per release notes
update to 9.3.7 per release notes
 
LinuxSecurity.com: Bump to openvas8 because of the issues found in previous versions. This should be the first version with scanner really working on Fedora.
 
LinuxSecurity.com: Security fix for CVE-2015-1840
 
LinuxSecurity.com: **1.1.20** - 9 June 2015. Fix for a potential security vulnerability arising from unescaped double-quote character in single-quoted attribute value of some deprecated elements when tag transformation is enabled; recognition for non-(HTML4) standard 'allowfullscreen' attribute of 'iframe.'
 
LinuxSecurity.com: Latest upstream with security fix for http://seclists.org/oss-sec/2015/q2/3 https://github.com/jpadilla/pyjwt/commit/88a9fc56bdc6c870aa6af93bda401414a217db2a
 
Google Chrome Address Spoofing (Request For Comment)
 
CVE-2015-4674 - TimeDoctor autoupdate over plain-HTTP
 

Intel infosec folk TEE off open source app dev framework
The Register
A trio of Intel boffins have broken a vendor lock-down on trusted execution environments (TEEs) with the release of an open source framework that could help developers to build more secure apps. Intel wonks Brian McGillion, Tanel Dettenborny, and ...

 