
Files

Red Hat Security Advisory 2013-0580-01
Posted Feb 28, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0580-01 - The Common UNIX Printing System provides a portable printing layer for Linux, UNIX, and similar operating systems. It was discovered that CUPS administrative users who are permitted to perform CUPS configuration changes via the CUPS web interface could manipulate the CUPS configuration to gain unintended privileges. Such users could read or write arbitrary files with the privileges of the CUPS daemon, possibly allowing them to run arbitrary code with root privileges.

tags | advisory, web, arbitrary, root
systems | linux, redhat, unix
advisories | CVE-2012-5519
SHA-256 | bce351916224e0505a2617c15adea50d8775860585e7344c9149974fbf8e9b78
Airvana HubBub C1-600-RT Cross Site Scripting
Posted Feb 28, 2013
Authored by Scott Behrens

The Airvana Airrave router version 2.5 suffers from a stored cross site scripting vulnerability.

tags | advisory, xss
advisories | CVE-2013-2270
SHA-256 | 8a8c8f4eaacfa94b50ca1148811eda804a4aecd70d923ea5ba83e689fbad47cc
Red Hat Security Advisory 2013-0577-01
Posted Feb 28, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0577-01 - In accordance with the Red Hat Enterprise Virtualization Errata Support Policy, the support for Red Hat Enterprise Virtualization 2 has ended. Customers are recommended to upgrade their existing Red Hat Enterprise Virtualization 2.x installations to version 3.0. The upgrade from RHEV Manager version 2.2 running on Microsoft Windows to Red Hat Enterprise Virtualization Manager 3.0 running on Red Hat Enterprise Linux is fully supported and requires no downtime; during the upgrade, all virtual machines will continue to run without loss of service.

tags | advisory
systems | linux, redhat, windows
SHA-256 | ff86c4162020df1aa88b4eb05f17211bfa624d09c13741078a990347f3d95d95
Red Hat Security Advisory 2013-0582-01
Posted Feb 28, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0582-01 - OpenShift Enterprise is a cloud computing Platform-as-a-Service solution from Red Hat, and is designed for on-premise or private cloud deployments. Installing the updated packages and restarting the OpenShift services are the only requirements for this update. However, if you are updating your system to Red Hat Enterprise Linux 6.4 while applying OpenShift Enterprise 1.1.1 updates, it is recommended that you restart your system.

tags | advisory
systems | linux, redhat
advisories | CVE-2012-2660, CVE-2012-2661, CVE-2012-2694, CVE-2012-2695, CVE-2012-3424, CVE-2012-3463, CVE-2012-3464, CVE-2012-3465, CVE-2012-4464, CVE-2012-4466, CVE-2012-4522, CVE-2012-5371, CVE-2013-0155, CVE-2013-0162
SHA-256 | e0e1bc67708c3a5e17e015a956f1679d743300e35ddbcad23b6ada0623037f7a
Ubuntu Security Notice USN-1732-2
Posted Feb 28, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1732-2 - USN-1732-1 fixed vulnerabilities in OpenSSL. The fix for CVE-2013-0166 and CVE-2012-2686 introduced a regression causing decryption failures on hardware supporting AES-NI. This update temporarily reverts the security fix pending further investigation. Adam Langley and Wolfgang Ettlingers discovered that OpenSSL incorrectly handled certain crafted CBC data when used with AES-NI. A remote attacker could use this issue to cause OpenSSL to crash, resulting in a denial of service. This issue only affected Ubuntu 12.04 LTS and Ubuntu 12.10. Nadhem Alfardan and Kenny Paterson discovered that the TLS protocol as used in OpenSSL was vulnerable to a timing side-channel attack known as the "Lucky Thirteen" issue. A remote attacker could use this issue to perform plaintext-recovery attacks via analysis of timing data. Various other issues were also addressed.

tags | advisory, remote, denial of service, vulnerability, protocol
systems | linux, ubuntu
advisories | CVE-2012-2686, CVE-2013-0169
SHA-256 | 2367bcc3d45834f284f828f0ff2c01105eb0f564e86bef545dbb3c3941c12cd7
Mandriva Linux Security Advisory 2013-016
Posted Feb 28, 2013
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-016 - PHP does not validate the configuration directive soap.wsdl_cache_dir before writing SOAP wsdl cache files to the filesystem. Thus an attacker is able to write remote wsdl files to arbitrary locations. PHP allows the use of external entities while parsing SOAP wsdl files, which allows an attacker to read arbitrary files. If a web application unserializes user-supplied data and tries to execute any method of it, an attacker can send a serialized SoapClient object initialized in non-wsdl mode, which will make PHP automatically parse the remote XML document specified in the location option parameter. The updated packages have been upgraded to the 5.3.22 version which is not vulnerable to these issues. Additionally, some packages which require so have been rebuilt for php-5.3.22.

tags | advisory, remote, web, arbitrary, php
systems | linux, mandriva
advisories | CVE-2013-1635, CVE-2013-1643
SHA-256 | ff41515449363984942b65ae249ef44b40b554b1cc2d8893434bac83e5ccb454
Ubuntu Security Notice USN-1754-1
Posted Feb 28, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1754-1 - Marco Schoepl discovered that Sudo incorrectly handled time stamp files when the system clock is set to epoch. A local attacker could use this issue to run Sudo commands without a password prompt.

tags | advisory, local
systems | linux, ubuntu
advisories | CVE-2013-1775
SHA-256 | b6eaa9e4310775a7d2276b521831c90680ecfb4422746e497b6bdd6750cabed1
Drupal Clean 7.x Cross Site Scripting
Posted Feb 28, 2013
Authored by Greg Knaddison | Site drupal.org

Drupal Clean third party theme version 7.x suffers from a cross site scripting vulnerability.

tags | advisory, xss
SHA-256 | 15d448bacc7444411853aac2edf318169657e316a7a1008de137cecab32ab9be
Drupal Company Theme 7.x Cross Site Scripting
Posted Feb 28, 2013
Authored by Greg Knaddison | Site drupal.org

Drupal Company third party theme version 7.x suffers from a cross site scripting vulnerability.

tags | advisory, xss
SHA-256 | 90ea9c99a37232f836aab987a7229ef571b95b070ace7b2351d834d7dedf6e62
Red Hat Security Advisory 2013-0574-01
Posted Feb 28, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0574-01 - The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. This update fixes two vulnerabilities in Adobe Flash Player. Specially-crafted SWF content could cause flash-plugin to crash or, potentially, execute arbitrary code when a victim loads a page containing the malicious SWF content. This update also fixes a permissions issue with the Adobe Flash Player Firefox sandbox.

tags | advisory, web, arbitrary, vulnerability
systems | linux, redhat
advisories | CVE-2013-0504, CVE-2013-0643, CVE-2013-0648
SHA-256 | 3068f801979182c4215252624e687c0792782b46ba969047634ac893c90aa475
Drupal Professional 7.x Cross Site Scripting
Posted Feb 28, 2013
Authored by Greg Knaddison | Site drupal.org

Drupal Professional third party theme version 7.x suffers from a cross site scripting vulnerability.

tags | advisory, xss
SHA-256 | b39c547e17e7326ee10140e93fc734025e4d2a6737630f8a2edb60017b562b72
Drupal Best Responsive 7.x Cross Site Scripting
Posted Feb 28, 2013
Authored by Greg Knaddison | Site drupal.org

Drupal Best Responsive third party theme version 7.x suffers from a cross site scripting vulnerability.

tags | advisory, xss
SHA-256 | 11150be6bc04decd2f2848292fe922025e09f8c537f2e3e0b5a54b77f1461507
Cisco Security Advisory 20130227-hcs
Posted Feb 27, 2013
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - Cisco Prime Central for Hosted Collaboration Solution (HCS) Assurance contains a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. Exploitation of this vulnerability could interrupt the monitoring of voice services. Cisco has released free software updates that address this vulnerability.

tags | advisory, remote, denial of service
systems | cisco
SHA-256 | e8692d8dda3a665c7dd9de2f03a19590613ddcdb2a9380e15c20c121a14f0f14
Cisco Security Advisory 20130227-cups
Posted Feb 27, 2013
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - Cisco Unified Presence Server (CUPS) contains a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. Cisco has released free software updates that address this vulnerability. A workaround is available to mitigate this vulnerability.

tags | advisory, remote, denial of service
systems | cisco
SHA-256 | ded8e06b112e526831baf871d743d44d2c103cdf2681b8cd24634286b21672da
Ubuntu Security Notice USN-1753-1
Posted Feb 27, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1753-1 - Sebastian Krahmer and Bastien Nocera discovered that DBus-GLib did not properly validate the message sender when the "NameOwnerChanged" signal was received. A local attacker could possibly use this issue to escalate their privileges.

tags | advisory, local
systems | linux, ubuntu
advisories | CVE-2013-0292
SHA-256 | 9ce1ac4e5f067377afdafd7442b6e3c1e4f0943a1f5f93e3180598e214b52378
Debian Security Advisory 2633-1
Posted Feb 27, 2013
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2633-1 - Helmut Grohne discovered multiple privilege escalation flaws in FusionForge, web-based project-management and collaboration software. Most of the vulnerabilities are related to the bad handling of privileged operations on user-controlled files or directories.

tags | advisory, web, vulnerability
systems | linux, debian
advisories | CVE-2013-1423
SHA-256 | 887259b32ee22a9f8e0e8da18d4e9a19414ef7433786583622bc92c771b98ed4
Debian Security Advisory 2634-1
Posted Feb 27, 2013
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2634-1 - Several vulnerabilities have been discovered in python-django, a high-level python web development framework.

tags | advisory, web, vulnerability, python
systems | linux, debian
advisories | CVE-2012-4520, CVE-2013-0305, CVE-2013-0306, CVE-2013-1665
SHA-256 | 8377d247b2330890d79f474d182321f1f3ac22f1b48dd7ed09f05e3891683554
Drupal Creative Theme 7.x Cross Site Scripting
Posted Feb 27, 2013
Authored by Greg Knaddison | Site drupal.org

Drupal Creative Theme third party theme version 7.x suffers from a cross site scripting vulnerability.

tags | advisory, xss
SHA-256 | 7bd2d548ef1246483a1fd41308d4a1e69523c2b176e17fc4f0b8011557748495
Drupal Fresh Theme 7.x Cross Site Scripting
Posted Feb 27, 2013
Authored by Greg Knaddison | Site drupal.org

Drupal Fresh Theme third party theme version 7.x suffers from a cross site scripting vulnerability.

tags | advisory, xss
SHA-256 | e3de67fa58d409a4f1ed295ca09c1ef3fd1d3ad772b98508639e2367e7725fef
Ubuntu Security Notice USN-1752-1
Posted Feb 27, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1752-1 - Nadhem Alfardan and Kenny Paterson discovered that the TLS protocol as used in GnuTLS was vulnerable to a timing side-channel attack known as the "Lucky Thirteen" issue. A remote attacker could use this issue to perform plaintext-recovery attacks via analysis of timing data.

tags | advisory, remote, protocol
systems | linux, ubuntu
advisories | CVE-2013-1619
SHA-256 | 1cfa24fa1e2257b80843bb7496808728d5ace2f7a980167a435ad01d16cc82ea
Ubuntu Security Notice USN-1751-1
Posted Feb 27, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1751-1 - Mathias Krause discovered a bounds checking error for netlink messages requesting SOCK_DIAG_BY_FAMILY. An unprivileged local user could exploit this flaw to crash the system or run programs as an administrator.

tags | advisory, local
systems | linux, ubuntu
advisories | CVE-2013-1763
SHA-256 | be2d43a9f5f1464ceb14a292a1fb9499c7f7c6dd60431ec4fe7bf9ee6b73c602
Red Hat Security Advisory 2013-0570-01
Posted Feb 27, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0570-01 - Oracle Java SE 6 will no longer receive updates after February 28, 2013. The Oracle Java SE 6 packages on the Red Hat Enterprise Linux 5 and 6 Supplementary media and Red Hat Network channels will continue to be available after February 28, 2013.

tags | advisory, java
systems | linux, redhat
SHA-256 | 4b23dec91c0294f5db6ca888ca2eda4fa491bd1b5db966987a7953f62d50fdba
Red Hat Security Advisory 2013-0569-01
Posted Feb 27, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0569-01 - JBoss Enterprise SOA Platform is the next-generation ESB and business process automation infrastructure. JBoss Enterprise Portal Platform is the open source implementation of the Java EE suite of services and Portal services running atop JBoss Enterprise Application Platform. An attack technique was found against the W3C XML Encryption Standard when block ciphers were used in cipher-block chaining mode. A remote attacker could use this flaw to conduct chosen-ciphertext attacks, leading to the recovery of the entire plain text of a particular cryptogram by examining the differences between SOAP responses sent from JBoss Web Services.

tags | advisory, java, remote, web
systems | linux, redhat
advisories | CVE-2011-1096
SHA-256 | 2587795973b4187dc98f0e3534f371af6311704b4e1d0fe7f9329c9f572d2026
Red Hat Security Advisory 2013-0567-01
Posted Feb 26, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0567-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issue: A race condition was found in the way the Linux kernel's ptrace implementation handled PTRACE_SETREGS requests when the debuggee was woken due to a SIGKILL signal instead of being stopped. A local, unprivileged user could use this flaw to escalate their privileges.

tags | advisory, kernel, local
systems | linux, redhat
advisories | CVE-2013-0871
SHA-256 | df9e621f7456eb9a73a631da3e476442cdd07e31b345df61d337cbbb9670e4b8
Red Hat Security Advisory 2013-0568-01
Posted Feb 26, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0568-01 - dbus-glib is an add-on library to integrate the standard D-Bus library with the GLib main loop and threading model. A flaw was found in the way dbus-glib filtered the message sender when the "NameOwnerChanged" signal was received. This could trick a system service using dbus-glib into believing a signal was sent from a privileged process, when it was not. A local attacker could use this flaw to escalate their privileges. All dbus-glib users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. All running applications linked against dbus-glib, such as fprintd and NetworkManager, must be restarted for this update to take effect.

tags | advisory, local
systems | linux, redhat
advisories | CVE-2013-0292
SHA-256 | f115f8f456a5b073c3c794a1f1c4435ef97f30b0ff1398b9309a9019ea8e3fac

© 2022 Packet Storm. All rights reserved.
