Advisories History

Syndicated content: Packet Storm
Packet Storm - Information Security News, Files, Tools, Exploits, Advisories and Whitepapers
Updated: 23 weeks 3 days ago

Secunia Security Advisory 45938

Sat, 09/10/2011 - 07:34
Secunia Security Advisory - A vulnerability has been reported in Cyrus IMAPd, which can be exploited by malicious users to compromise a vulnerable system.

Secunia Security Advisory 45859

Sat, 09/10/2011 - 07:34
Secunia Security Advisory - SUSE has issued an update for opera. This fixes two vulnerabilities, where one has unknown impacts and the other one can be exploited by malicious people to bypass certain security features.

Secunia Security Advisory 45934

Sat, 09/10/2011 - 07:34
Secunia Security Advisory - High-Tech Bridge SA has discovered a vulnerability in the PhotoSmash plugin for WordPress, which can be exploited by malicious people to conduct cross-site scripting attacks.

Secunia Security Advisory 45946

Sat, 09/10/2011 - 07:34
Secunia Security Advisory - Multiple vulnerabilities have been reported in the phpMyAdmin extension for TYPO3, which can be exploited by malicious users to conduct script insertion attacks.

Secunia Security Advisory 45926

Sat, 09/10/2011 - 07:34
Secunia Security Advisory - Debian has issued an update for bcfg2. This fixes some vulnerabilities, which can be exploited by malicious people to compromise a vulnerable system.

Secunia Security Advisory 45905

Sat, 09/10/2011 - 07:34
Secunia Security Advisory - rgod has reported a vulnerability in Embarcadero ER/Studio Portal, which can be exploited by malicious people to compromise a user's system.

Secunia Security Advisory 45931

Sat, 09/10/2011 - 07:34
Secunia Security Advisory - Miroslav Stampar has discovered a vulnerability in the WP-Filebase plugin for WordPress, which can be exploited by malicious people to conduct SQL injection attacks.

Secunia Security Advisory 45900

Sat, 09/10/2011 - 07:34
Secunia Security Advisory - A vulnerability has been reported in SWI-Prolog, which can be exploited by malicious people to potentially compromise a user's system.

Secunia Security Advisory 45928

Sat, 09/10/2011 - 07:34
Secunia Security Advisory - Red Hat has issued an update for Red Hat Enterprise MRG. This fixes a security issue, which can be exploited by malicious, local users to disclose potentially sensitive information.

Apple Security Advisory 2011-09-09-1

Sat, 09/10/2011 - 02:00
Apple Security Advisory 2011-09-09-1 - Fraudulent certificates were issued by multiple certificate authorities operated by DigiNotar. This issue is addressed by removing DigiNotar from the list of trusted root certificates, from the list of Extended Validation (EV) certificate authorities, and by configuring default system trust settings so that DigiNotar's certificates, including those issued by other authorities, are not trusted.

HP Security Bulletin HPSBUX02702 SSRT100606 2

Sat, 09/10/2011 - 02:00
HP Security Bulletin HPSBUX02702 SSRT100606 2 - Potential security vulnerabilities have been identified with HP-UX Apache Web Server. These vulnerabilities could be exploited remotely to create a Denial of Service (DoS). Revision 2 of this advisory.

Slackware Security Advisory - httpd Updates

Sat, 09/10/2011 - 01:55
Slackware Security Advisory - Not long ago, httpd package updates were issued to clamp down on a denial of service bug that's seen some action in the wild. New packages are available for Slackware 12.0, 12.1, 12.2, 13.0, 13.1, 13.37, and -current.

Mandriva Linux Security Advisory 2011-134

Fri, 09/09/2011 - 15:52
Mandriva Linux Security Advisory 2011-134 - Stack-based buffer overflow in the parseLegacySyslogMsg function in tools/syslogd.c in rsyslogd in rsyslog 4.6.x before 4.6.8 and 5.2.0 through 5.8.4 might allow remote attackers to cause a denial of service via a long TAG in a legacy syslog message. The updated packages have been patched to correct this issue.

Spring Security RunAsManager Privilege Escalation

Fri, 09/09/2011 - 15:51
Spring Security provides a mechanism (RunAsManager) to allow particular operations to run with a different set of privileges than the predefined user. The implementation contains a race condition whereby the escalated privileges could also be used in a different invocation in another thread. Versions 2.0.0 to 2.0.6 and 3.0.0 to 3.0.5 are affected.

Spring Framework / Spring Security Serialization-Based Issues

Fri, 09/09/2011 - 15:43
Spring Framework versions 3.0.0 to 3.0.5 and Spring Security versions 2.0.0 to 2.0.6 and 3.0.0 to 3.0.5 suffer from serialization issues. Several issues have been reported which may affect applications which de-serialize objects from an untrusted source such as a remote client. It is possible for a malicious client to inject undesirable behavior into the server by serializing proxies rather than specific class instances, or by taking advantage of internal AOP interfaces which were being exposed through the remote service, in addition to the service interface.

Spring Framework Information Disclosure

Fri, 09/09/2011 - 15:36
Spring Framework versions 3.0.0 to 3.0.5, 2.5.0 to 2.5.6.SEC02, and 2.5.0 to 2.5.7.SR01 suffer from an information disclosure vulnerability.

Ubuntu Security Notice USN-1197-5

Fri, 09/09/2011 - 15:23
Ubuntu Security Notice 1197-5 - USN-1197-1 addressed an issue in Firefox and Xulrunner pertaining to the Dutch Certificate Authority DigiNotar mis-issuing fraudulent certificates. This update provides the corresponding update for ca-certificates. It was discovered that the Dutch Certificate Authority DigiNotar had mis-issued multiple fraudulent certificates. These certificates could allow an attacker to perform a "man in the middle" (MITM) attack which would make the user believe their connection is secure, but is actually being monitored. For the protection of its users, Mozilla has removed the DigiNotar certificate. Sites using certificates issued by DigiNotar will need to seek another certificate vendor.

Debian Security Advisory 2303-1

Fri, 09/09/2011 - 15:20
Debian Linux Security Advisory 2303-1 - Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or privilege escalation.

Ubuntu Security Notice USN-1197-4

Fri, 09/09/2011 - 06:24
Ubuntu Security Notice 1197-4 - USN-1197-1 and USN-1197-3 addressed an issue in Firefox and Xulrunner pertaining to the Dutch Certificate Authority DigiNotar mis-issuing fraudulent certificates. This update provides the corresponding update for the Network Security Service libraries (NSS). USN-1197-1: It was discovered that the Dutch Certificate Authority DigiNotar had mis-issued multiple fraudulent certificates. These certificates could allow an attacker to perform a "man in the middle" (MITM) attack which would make the user believe their connection is secure, but is actually being monitored. For the protection of its users, Mozilla has removed the DigiNotar certificate. Sites using certificates issued by DigiNotar will need to seek another certificate vendor.

Debian Security Advisory 2302-1

Fri, 09/09/2011 - 06:24
Debian Linux Security Advisory 2302-1 - It has been discovered that the bcfg2 server, a configuration management server for bcfg2 clients, is not properly sanitizing input from bcfg2 clients before passing it to various shell commands. This enables an attacker in control of a bcfg2 client to execute arbitrary commands on the server with root privileges.