Network Security

Current Security Messages

After nearly 20 years of security news, this service is discontinued. Among the reasons are the very high number of vulnerabilities combined with automatically updating systems, so the need for this service has diminished. We hope that you understand this decision.
Please visit us also at!

Most of the links lead to the corresponding files at CERT or other organisations, so changes appear immediately, in particular which patches should be installed or which configuration changes should be made to avoid the vulnerability. Some of the files are transferred by FTP.

By the way: if we're not publishing well-known risks inherent in any widely used platform or program, that doesn't mean this particular platform or program is safe to use!


Chosen message with ID ae-201206-007

System: Debian GNU/Linux
Topic: Vulnerabilities in arpwatch, libgdata, nut, and imp4
Links: DSA-2481, CVE-2012-2653, ESB-2012.0512,
DSA-2482, CVE-2012-2653, ESB-2012.0513,
DSA-2484, CVE-2012-2944, ESB-2012.0514,
DSA-2485, CVE-2012-0791, ESB-2012.0515
ID: ae-201206-007

A patch for arpwatch (as shipped at least in Red Hat and Debian distributions) intended to make it drop root privileges fails to do so and instead adds the root group to the list of groups the daemon uses. Libgdata, a library used to access various Google services, does not validate certificates against the trusted system root CAs when using an HTTPS connection. Upsd, the server of Network UPS Tools (NUT), is vulnerable to a remote denial-of-service attack. Multiple cross-site scripting (XSS) vulnerabilities were discovered in IMP, the webmail component of the Horde framework; they allow remote attackers to inject arbitrary web script or HTML via various crafted parameters.
Updated packages are available now.
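
The arpwatch issue above is a privilege drop that left the root group in the daemon's group list. As an added example (not arpwatch's code and not the Debian patch), the following C sketch sets the group list from the target user's own gid and then verifies that gid 0 is gone; all function names are chosen for this illustration.

```c
#define _DEFAULT_SOURCE
#include <grp.h>
#include <pwd.h>
#include <unistd.h>

/* Return 1 if gid g appears in list[0..n-1], else 0. */
int group_list_contains(const gid_t *list, int n, gid_t g)
{
    for (int i = 0; i < n; i++)
        if (list[i] == g)
            return 1;
    return 0;
}

/* 1 if gid 0 is still a real, effective or supplementary group; -1 on error. */
int process_has_root_group(void)
{
    gid_t groups[256];
    int n = getgroups(256, groups);
    if (n < 0)
        return -1;                      /* cannot inspect: caller fails closed */
    return getgid() == 0 || getegid() == 0 || group_list_contains(groups, n, 0);
}

/* Drop from root to `user`. Returns 0 on success, -1 on any failure. */
int drop_privileges(const char *user)
{
    struct passwd *pw = getpwnam(user);
    if (pw == NULL || pw->pw_uid == 0)
        return -1;
    /* Groups first, while still root. The second argument is added to the
       group list, so it must be the user's own gid, never 0. */
    if (initgroups(pw->pw_name, pw->pw_gid) != 0)
        return -1;
    if (setgid(pw->pw_gid) != 0 || setuid(pw->pw_uid) != 0)
        return -1;
    /* Verify the result: no gid 0 left and root cannot be regained. */
    if (process_has_root_group() != 0 || setuid(0) == 0)
        return -1;
    return 0;
}

int main(int argc, char **argv)
{
    /* Usage (as root): ./drop <unprivileged-user> */
    return (argc == 2 && drop_privileges(argv[1]) == 0) ? 0 : 1;
}
```

The post-drop check treats any remaining gid 0 as a failure, so a target account that is deliberately a member of group 0 in `/etc/group` is rejected as well.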

(c) 2000-2017 AERAsec Network Services and Security GmbH