
Files

Mandriva Linux Security Advisory 2013-170
Posted May 29, 2013
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-170 - Under certain circumstances an FD leak occurs and can be misused for denial of service attacks against socat running in server mode. The updated packages have been upgraded to the latest version which is not vulnerable to this issue.

tags | advisory, denial of service
systems | linux, mandriva
advisories | CVE-2013-3571
SHA-256 | b6470f67993d2d22bc91e370c86c46404de158d07c1702819900e876709ab063
Security Notice For CA Process Automation (CA PAM)
Posted May 29, 2013
Authored by Kevin Kotas | Site www3.ca.com

CA Technologies support is alerting customers to a vulnerability with CA Process Automation (CA PAM). The vulnerability occurs in the bundled JBoss Seam component. A remote attacker can execute arbitrary code.

tags | advisory, remote, arbitrary
advisories | CVE-2010-1871
SHA-256 | 2e54655588c25bdefe31a55c53e84ad769d4df7d8697929e133e8c471bd7394d
Ubuntu Security Notice USN-1831-2
Posted May 29, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1831-2 - USN-1831-1 fixed a vulnerability in OpenStack Nova. The upstream fix introduced a regression where instances using uncached QCOW2 images would fail to start. This update fixes the problem. Loganathan Parthipan discovered that Nova did not verify the size of QCOW2 instance storage. An authenticated attacker could exploit this to cause a denial of service by creating an image with a large virtual size with little data, then filling the virtual disk. Various other issues were also addressed.

tags | advisory, denial of service
systems | linux, ubuntu
SHA-256 | a50ab4b4de6a17a5bf675ce2e2d8f1ac4f8d0e30adadd5f88dc4ecf39fa42552
Red Hat Security Advisory 2013-0876-01
Posted May 28, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0876-01 - The Enterprise Web Platform is a slimmed down profile of the JBoss Enterprise Application Platform intended for mid-size workloads with light and rich Java applications. XML encryption backwards compatibility attacks were found against various frameworks, including Apache CXF. An attacker could force a server to use insecure, legacy cryptosystems, even when secure cryptosystems were enabled on endpoints. By forcing the use of legacy cryptosystems, flaws such as CVE-2011-1096 and CVE-2011-2487 would be exposed, allowing plain text to be recovered from cryptograms and symmetric keys. This issue affected both the JBoss Web Services CXF and JBoss Web Services Native stacks.

tags | advisory, java, web
systems | linux, redhat
advisories | CVE-2012-5575
SHA-256 | 771b5cf0baa142d36b61a35b2a17019a02dab759a5895fa85fdd606db24f172f
Red Hat Security Advisory 2013-0872-01
Posted May 28, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0872-01 - Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages technologies. A flaw was found in the way the tomcat5 and tomcat6 init scripts handled the tomcat5-initd.log and tomcat6-initd.log log files. A malicious web application deployed on Tomcat could use this flaw to perform a symbolic link attack to change the ownership of an arbitrary system file to that of the tomcat user, allowing them to escalate their privileges to root. Note: With this update, tomcat5-initd.log and tomcat6-initd.log have been moved to the /var/log/ directory.

tags | advisory, java, web, arbitrary, root
systems | linux, redhat
advisories | CVE-2013-1976
SHA-256 | 199cda86dd71068edbef06de9eb7dc337d73b17a508b1f3cec2cd3be13e4aafb
Red Hat Security Advisory 2013-0873-01
Posted May 28, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0873-01 - JBoss Enterprise Application Platform is a platform for Java applications, which integrates the JBoss Application Server with JBoss Hibernate and JBoss Seam. XML encryption backwards compatibility attacks were found against various frameworks, including Apache CXF. An attacker could force a server to use insecure, legacy cryptosystems, even when secure cryptosystems were enabled on endpoints. By forcing the use of legacy cryptosystems, flaws such as CVE-2011-1096 and CVE-2011-2487 would be exposed, allowing plain text to be recovered from cryptograms and symmetric keys. This issue affected both the JBoss Web Services CXF and JBoss Web Services Native stacks.

tags | advisory, java, web
systems | linux, redhat
advisories | CVE-2012-5575
SHA-256 | cecf1d51ed0c4262624e43b997afb2de10d940cea27df60955ecbe489b38f371
Red Hat Security Advisory 2013-0871-01
Posted May 28, 2013
Authored by Red Hat | Site access.redhat.com

Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies. A flaw was found in the way the tomcat6 and tomcat7 init scripts handled the tomcat6-initd.log and tomcat7-initd.log log files. A malicious web application deployed on Tomcat could use this flaw to perform a symbolic link attack to change the ownership of an arbitrary system file to that of the tomcat user, allowing them to escalate their privileges to root.

tags | advisory, java, web, arbitrary, root
systems | linux, redhat
advisories | CVE-2013-1976
SHA-256 | 0958d0cbed0050a16dec44ed62948999617eca534fb1b54edfe416b90c69c598
Red Hat Security Advisory 2013-0875-01
Posted May 28, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0875-01 - JBoss Enterprise Application Platform is a platform for Java applications, which integrates the JBoss Application Server with JBoss Hibernate and JBoss Seam. XML encryption backwards compatibility attacks were found against various frameworks, including Apache CXF. An attacker could force a server to use insecure, legacy cryptosystems, even when secure cryptosystems were enabled on endpoints. By forcing the use of legacy cryptosystems, flaws such as CVE-2011-1096 and CVE-2011-2487 would be exposed, allowing plain text to be recovered from cryptograms and symmetric keys. This issue affected both the JBoss Web Services CXF and JBoss Web Services Native stacks.

tags | advisory, java, web
systems | linux, redhat
advisories | CVE-2012-5575
SHA-256 | 0e1d286cb3e931e03beb90fdc154faa85d586a8f0ce7a4262ff1b22ec07415f1
Red Hat Security Advisory 2013-0874-01
Posted May 28, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0874-01 - The Enterprise Web Platform is a slimmed down profile of the JBoss Enterprise Application Platform intended for mid-size workloads with light and rich Java applications. XML encryption backwards compatibility attacks were found against various frameworks, including Apache CXF. An attacker could force a server to use insecure, legacy cryptosystems, even when secure cryptosystems were enabled on endpoints. By forcing the use of legacy cryptosystems, flaws such as CVE-2011-1096 and CVE-2011-2487 would be exposed, allowing plain text to be recovered from cryptograms and symmetric keys. This issue affected both the JBoss Web Services CXF and JBoss Web Services Native stacks.

tags | advisory, java, web
systems | linux, redhat
advisories | CVE-2012-5575
SHA-256 | 762bc581736c0924210861060698681ac59d24483796a4a02c3339e661aeec62
Red Hat Security Advisory 2013-0870-01
Posted May 28, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0870-01 - Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages technologies. A flaw was found in the way the tomcat5 init script handled the catalina.out log file. A malicious web application deployed on Tomcat could use this flaw to perform a symbolic link attack to change the ownership of an arbitrary system file to that of the tomcat user, allowing them to escalate their privileges to root. Note: With this update, /var/log/tomcat5/catalina.out has been moved to the /var/log/tomcat5-initd.log file.

tags | advisory, java, web, arbitrary, root
systems | linux, redhat
advisories | CVE-2013-1976
SHA-256 | 73673139e2d79f38abef28de888a48c2d7dfbd4dd4f0af2607af87e6191be149
Red Hat Security Advisory 2013-0868-01
Posted May 28, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0868-01 - HAProxy provides high availability, load balancing, and proxying for TCP and HTTP-based applications. A buffer overflow flaw was found in the way HAProxy handled pipelined HTTP requests. A remote attacker could send pipelined HTTP requests that would cause HAProxy to crash or, potentially, execute arbitrary code with the privileges of the user running HAProxy. This issue only affected systems using all of the following combined configuration options: HTTP keep alive enabled, HTTP keywords in TCP inspection rules, and request appending rules.

tags | advisory, remote, web, overflow, arbitrary, tcp
systems | linux, redhat
advisories | CVE-2013-1912
SHA-256 | a13d26acaf53515c7f910526932accbd0e75fb1f4601b88631fed32c1a9ec19b
Red Hat Security Advisory 2013-0869-01
Posted May 28, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0869-01 - Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages technologies. A flaw was found in the way the tomcat6 init script handled the tomcat6-initd.log log file. A malicious web application deployed on Tomcat could use this flaw to perform a symbolic link attack to change the ownership of an arbitrary system file to that of the tomcat user, allowing them to escalate their privileges to root. Note: With this update, tomcat6-initd.log has been moved from /var/log/tomcat6/ to the /var/log/ directory.

tags | advisory, java, web, arbitrary, root
systems | linux, redhat
advisories | CVE-2013-1976, CVE-2013-2051
SHA-256 | 401e4a4f336235be1cf456c5a4ad7081526d207288121b04e31993f2bece5aaf
Ubuntu Security Notice USN-1841-1
Posted May 28, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1841-1 - It was discovered that Tomcat incorrectly handled certain requests submitted using chunked transfer encoding. A remote attacker could use this flaw to cause the Tomcat server to stop responding, resulting in a denial of service. This issue only affected Ubuntu 10.04 LTS and Ubuntu 12.04 LTS. It was discovered that Tomcat incorrectly handled certain authentication requests. A remote attacker could possibly use this flaw to inject a request that would get executed with a victim's credentials. This issue only affected Ubuntu 10.04 LTS, Ubuntu 12.04 LTS, and Ubuntu 12.10. Various other issues were also addressed.

tags | advisory, remote, denial of service
systems | linux, ubuntu
advisories | CVE-2012-3544, CVE-2013-2067, CVE-2013-2071
SHA-256 | b002a0a0604129aab3c01f6d632495573ac355189b6d1b38e345b90d003d572a
Debian Security Advisory 2694-1
Posted May 28, 2013
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2694-1 - A privilege escalation vulnerability has been found in SPIP, a website engine for publishing, which allows anyone to take control of the website.

tags | advisory
systems | linux, debian
SHA-256 | fc4a611833f0a5eb9fe705374c4e9db33905e8cf726ffbe494a50eadf1b5b633
Ubuntu Security Notice USN-1839-1
Posted May 28, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1839-1 - A flaw was discovered in the Linux kernel's perf_events interface. A local user could exploit this flaw to escalate privileges on the system. Andy Lutomirski discovered an error in the Linux kernel's credential handling on unix sockets. A local user could exploit this flaw to gain administrative privileges. A buffer overflow vulnerability was discovered in the Broadcom tg3 ethernet driver for the Linux kernel. A local user could exploit this flaw to cause a denial of service (crash the system) or potentially escalate privileges on the system. Various other issues were also addressed.

tags | advisory, denial of service, overflow, kernel, local
systems | linux, unix, ubuntu
advisories | CVE-2013-2094, CVE-2013-1979, CVE-2013-1929, CVE-2013-3301
SHA-256 | 86ed1e11ed9cf4931a18e84838efdd7f1f497b8d0f4b6080dd50c1bfa77d545d
Mandriva Linux Security Advisory 2013-168
Posted May 28, 2013
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-168 - httplib2 only validates SSL certificates on the first request to a connection, and doesn't report validation failures on subsequent requests.

tags | advisory
systems | linux, mandriva
advisories | CVE-2013-2037
SHA-256 | 3d461ed982ce73f57f0d9db3030c1093c61471b0bd761aa4a87ccc6a3d04a5e6
Debian Security Advisory 2675-2
Posted May 28, 2013
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2675-2 - A regression was discovered in the security update for libxvmc, causing segfaults with some applications. Updated packages are available to address this problem. For reference, the original advisory text follows.

tags | advisory
systems | linux, debian
advisories | CVE-2013-1990, CVE-2013-1999
SHA-256 | d3a0bc1632e466760dad2950464a69652889c77f4fe59d25b1370341024f0a59
Mandriva Linux Security Advisory 2013-167
Posted May 28, 2013
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-167 - OpenVPN 2.3.0 and earlier running in UDP mode are subject to chosen ciphertext injection due to a non-constant-time HMAC comparison function. Plaintext recovery may be possible using a padding oracle attack on the CBC mode cipher implementation of the crypto library, optimistically at a rate of about one character per 3 hours. PolarSSL seems vulnerable to such an attack; the vulnerability of OpenSSL has not been verified or tested.

tags | advisory, udp, cryptography
systems | linux, mandriva
advisories | CVE-2013-2061
SHA-256 | a75cb3960da77a15622808e7278771f10cebd019788136fc247c9d95fda3ffab
Debian Security Advisory 2693-1
Posted May 28, 2013
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2693-1 - Ilja van Sprundel of IOActive discovered several security issues in multiple components of the X.org graphics stack and the related conversions, buffer overflows, memory corruption and missing input sanitising may lead to privilege escalation or denial of service.

tags | advisory, denial of service, overflow
systems | linux, debian
advisories | CVE-2013-1981, CVE-2013-1997, CVE-2013-2004
SHA-256 | 45c896ecb29d7dd8c9d97225ffcb5169c2a16957a4861b7cc2f87deb1771927c
Apache Struts 2 XSS / Command Execution
Posted May 28, 2013
Authored by Rene Gielen | Site struts.apache.org

Apache Struts has released version 2.3.14.2. This version addresses a security issue. A vulnerability introduced by forcing parameter inclusion in the URL and Anchor Tag allows remote command execution, session access and manipulation and XSS attacks.

tags | advisory, remote, xss
advisories | CVE-2013-2115
SHA-256 | 997e378c4b860d1aa2a155b1337c65add2fa61cfb34c8b401dbef4cd54ad9b69
KDE Paste Applet Weak Password Generation
Posted May 28, 2013
Authored by Michael Samuel

Password generation in the KDE paste applet is not truly random.

tags | advisory, info disclosure
advisories | CVE-2013-2120
SHA-256 | 48318ab20552dce981107a3b49148a6e35dad5d6b34196e4735021f09ddb4fbb
HP Security Bulletin HPSBUX02881 SSRT101189
Posted May 26, 2013
Authored by HP | Site hp.com

HP Security Bulletin HPSBUX02881 SSRT101189 - A potential security vulnerability has been identified in HP-UX Directory Server. The vulnerability could be exploited remotely resulting in information disclosure. Revision 1 of this advisory.

tags | advisory, info disclosure
systems | hpux
advisories | CVE-2012-2678, CVE-2012-2746
SHA-256 | 0e404da219e48f6bd2bb51c56988325b37c0075597bfbe9f980fd18aac569d7c
Ubuntu Security Notice USN-1837-1
Posted May 24, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1837-1 - An information leak was discovered in the Linux kernel's crypto API. A local user could exploit this flaw to examine potentially sensitive information from the kernel's stack memory. An information leak was discovered in the Linux kernel's rcvmsg path for ATM (Asynchronous Transfer Mode). A local user could exploit this flaw to examine potentially sensitive information from the kernel's stack memory. Various other issues were also addressed.

tags | advisory, kernel, local, cryptography
systems | linux, ubuntu
advisories | CVE-2013-3076, CVE-2013-3222, CVE-2013-3223, CVE-2013-3224, CVE-2013-3225, CVE-2013-3226, CVE-2013-3227, CVE-2013-3228, CVE-2013-3229, CVE-2013-3230, CVE-2013-3231, CVE-2013-3233, CVE-2013-3234, CVE-2013-3235
SHA-256 | a149e6791afe53949e5c21b09601ee39e3868e3706f7403265a6e6902dba012b
Ubuntu Security Notice USN-1835-1
Posted May 24, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1835-1 - A buffer overflow vulnerability was discovered in the Broadcom tg3 ethernet driver for the Linux kernel. A local user could exploit this flaw to cause a denial of service (crash the system) or potentially escalate privileges on the system. A flaw was discovered in the Linux kernel's ftrace subsystem interface. A local user could exploit this flaw to cause a denial of service (system crash). Various other issues were also addressed.

tags | advisory, denial of service, overflow, kernel, local
systems | linux, ubuntu
advisories | CVE-2013-1929, CVE-2013-3301
SHA-256 | 538cf179b4264bbeab428807f8490f8849cdc99819a39590b205530445984644
Ubuntu Security Notice USN-1836-1
Posted May 24, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1836-1 - A flaw was discovered in the Linux kernel's perf_events interface. A local user could exploit this flaw to escalate privileges on the system. A buffer overflow vulnerability was discovered in the Broadcom tg3 ethernet driver for the Linux kernel. A local user could exploit this flaw to cause a denial of service (crash the system) or potentially escalate privileges on the system. Various other issues were also addressed.

tags | advisory, denial of service, overflow, kernel, local
systems | linux, ubuntu
advisories | CVE-2013-2094, CVE-2013-1929, CVE-2013-3301
SHA-256 | 42d076c106745f487957ef7b40c9f50928e736a03fc9cad6e39cf873660a840e