March 9, 2016 All versions of Open SSH prior to 7.2p2 with X11Forwarding enabled.
Missing sanitisation of untrusted input allows an authenticated user who is able to request X11 forwarding to inject commands to xauth(1).
The Anti Virus Decomposer engine in Symantec Advanced Threat Protection (ATP); Symantec Data Center Security: Server (SDCS: S) 6.x through 6.6 MP1; Symantec Web Gateway; Symantec Endpoint Protection (SEP) before 12.1 RU6 MP5; Symantec Endpoint Protection (SEP) for Mac; Symantec Endpoint Protection (SEP) for Linux before 12.1 RU6 MP5; Symantec Protection Engine (SPE) before 7.0.5 HF01, 7.5.x before 7.5.3 HF03, 7.5.4 before HF01, and 7.8.0 before HF01; Symantec Protection for Share Point Servers (SPSS) 6.0.3 through 6.0.5 before 6.0.5 HF 1.5 and 6.0.6 before HF 1.6; Symantec Mail Security for Microsoft Exchange (SMSMSE) before 7.0_3966002 HF1.1 and 7.5.x before 7.5_3966008 VHF1.2; Symantec Mail Security for Domino (SMSDOM) before 8.0.9 HF1.1 and 8.1.x before 8.1.3 HF1.2; CSAPI before 10.0.4 HF01; Symantec Message Gateway (SMG) before 10.6.1-4; Symantec Message Gateway for Service Providers (SMG-SP) 10.5 before patch 254 and 10.6 before patch 253; Norton Anti Virus, Norton Security, Norton Internet Security, and Norton 360 before NGC 22.7; Norton Security for Mac before 13.0.2; Norton Power Eraser (NPE) before 5.1; and Norton Bootable Removal Tool (NBRT) before 2016.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory access violation) via a crafted ZIP archive that is mishandled during decompression.
This client library enables client applications to connect to the Azure Document DB service.
Azure Document DB is a No SQL document database hosted in Microsoft Azure and delivered as a service.
Using Endpoint Protection 8.0.1603 on a Windows XP Pro SP3 box with VPS 150903-0. Every couple of hours for the past 2 days on this machine I have gotten an Avast pop-up claiming that Avast is unable to update successfully.
System/license is controlled by SOA 18.104.22.168 on a Windows 7 machine. However, the client says everything is up to date ("latest update received" today just a few minutes ago, even though the VPS is not current) and working fine. However, Avast claims to still support XP, and has issued no statements to the contrary. Unfortunately, there's not much you can do about it.
Mitigate by setting X11Forwarding=no in sshd_config, or on the commandline.
This is the default, but some vendors enable the feature. This bug is corrected in Open SSH 7.2p2 and in Open BSD's stable branch.
Cloud allows remote attackers to cause a denial of service (memory corruption) via a crafted RAR file that is mishandled during decompression.
Cloud allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted RAR file that is mishandled during decompression.
We have subsequently received feedback from you and acknowledge that our announcements have raised concerns,” BPI said in an advisory on Tuesday.