Ubuntu Security Notice 1873-1 - Maksim Otstavnov discovered that telepathy-gabble incorrectly handled TLS when connecting to legacy jabber servers. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could be exploited to view sensitive information. It was discovered that telepathy-gabble incorrectly handled certain messages. A remote attacker could use this flaw to cause applications using telepathy-gabble to crash, resulting in a denial of service. This issue only affected Ubuntu 12.04 LTS and Ubuntu 12.10. Various other issues were also addressed.
475c147ea25f27fd09e417df761aac28b56130610bbc492d82ae1d721f2758b0
Red Hat Security Advisory 2013-0941-01 - The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. This update fixes one vulnerability in Adobe Flash Player. This vulnerability is detailed in the Adobe Security bulletin APSB13-16, listed in the References section. Specially-crafted SWF content could cause flash-plugin to crash or, potentially, execute arbitrary code when a victim loads a page containing the malicious SWF content. All users of Adobe Flash Player should install this updated package, which upgrades Flash Player to version 11.2.202.291.
4fc56529520aea78f3ebc49895cc872cea037936e3a6c333145f00847a51b5c5
Red Hat Security Advisory 2013-0943-01 - Red Hat JBoss SOA Platform is the next-generation ESB and business process automation infrastructure. Red Hat JBoss SOA Platform allows IT to leverage existing, modern, and future integration methodologies to dramatically improve business process execution speed and quality. This roll up patch serves as a cumulative upgrade for Red Hat JBoss SOA Platform 5.3.1. It includes various bug fixes. The following security issue is also fixed with this release: XML encryption backwards compatibility attacks were found against various frameworks, including Apache CXF. An attacker could force a server to use insecure, legacy cryptosystems, even when secure cryptosystems were enabled on endpoints. By forcing the use of legacy cryptosystems, flaws such as CVE-2011-1096 and CVE-2011-2487 would be exposed, allowing plain text to be recovered from cryptograms and symmetric keys. This issue affected both the JBoss Web Services CXF and JBoss Web Services Native stacks.
117d2f483b6238f72059bf5a05de7e975a965fd4e78951c51bd936c54048660d
Red Hat Security Advisory 2013-0944-01 - Python-keystoneclient is the client library and command line utility for interacting with the OpenStack identity API. A flaw in Keystone allowed an attacker with access to the web and network interfaces of services utilizing python-keystoneclient to continue using PKI tokens after they had expired, giving the attacker continued access to OpenStack services. This issue was discovered by Eoghan Glynn of Red Hat.
6a10372c8aecfb3cc13a430908942c01b308ed0bef169925ff80a306f8a72dbc
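The check the python-keystoneclient advisory above is about, as an added example (not keystoneclient's own code): a signature-verified token must still be rejected once its "expires" timestamp has passed, a missing or unparseable expiry must count as expired rather than as "never expires", and a cache of verified tokens must cap each entry's lifetime at the token's own expiry. The token payloads, the fixed clock NOW and the function names are constructed for the example; the signature/CMS step is assumed to have already passed.

```python
from datetime import datetime, timedelta, timezone

# Fixed clock so the example is reproducible; a real validator uses
# datetime.now(timezone.utc). Both are assumptions of this example.
NOW = datetime(2013, 6, 12, 12, 0, 0, tzinfo=timezone.utc)
EXPIRES_FMT = "%Y-%m-%dT%H:%M:%SZ"   # timestamp format used by Keystone v2 tokens


def make_token(token_id: str, expires: datetime) -> dict:
    """Constructed payload in the shape of a decoded Keystone v2 token body."""
    return {"access": {"token": {"id": token_id, "expires": expires.strftime(EXPIRES_FMT)},
                       "user": {"name": "demo"}}}


VALID_TOKEN = make_token("tok-valid", NOW + timedelta(hours=1))
EXPIRED_TOKEN = make_token("tok-expired", NOW - timedelta(minutes=5))
NO_EXPIRY_TOKEN = {"access": {"token": {"id": "tok-noexp"}, "user": {"name": "demo"}}}


def parse_expires(token: dict):
    """Return the token's expiry as an aware UTC datetime, or None if absent/malformed."""
    try:
        raw = token["access"]["token"]["expires"]
        return datetime.strptime(raw, EXPIRES_FMT).replace(tzinfo=timezone.utc)
    except (KeyError, TypeError, ValueError):
        return None


def accept_token_vulnerable(token: dict) -> bool:
    """The flawed shape: a token whose signature verified is accepted as long
    as it names a user, with no look at 'expires'."""
    return "name" in token.get("access", {}).get("user", {})


def accept_token_fixed(token: dict, now: datetime = NOW) -> bool:
    """Signature-verified tokens must also be unexpired; a missing or
    unparseable expiry is treated as expired, not as 'never expires'."""
    if not accept_token_vulnerable(token):
        return False
    exp = parse_expires(token)
    return exp is not None and now < exp


class VerifiedTokenCache:
    """Cache of already-verified tokens. The cache TTL is capped by each
    token's own expiry so a cached entry can never outlive the token."""

    def __init__(self, ttl_seconds: int):
        self.ttl = timedelta(seconds=ttl_seconds)
        self._entries = {}          # token id -> (token, cache entry expiry)

    def put(self, token: dict, now: datetime) -> None:
        exp = parse_expires(token)
        if exp is None or now >= exp:
            return                  # never cache something that is not currently valid
        self._entries[token["access"]["token"]["id"]] = (token, min(exp, now + self.ttl))

    def get(self, token_id: str, now: datetime):
        entry = self._entries.get(token_id)
        if entry is None:
            return None
        token, entry_exp = entry
        if now >= entry_exp:
            del self._entries[token_id]
            return None
        return token


def cache_demo(ttl_seconds: int = 7200) -> tuple:
    """Whether VALID_TOKEN is still served from cache 59 and 61 minutes after
    being cached with a 2-hour TTL: the token's 1-hour expiry wins."""
    cache = VerifiedTokenCache(ttl_seconds)
    cache.put(VALID_TOKEN, NOW)
    return (cache.get("tok-valid", NOW + timedelta(minutes=59)) is not None,
            cache.get("tok-valid", NOW + timedelta(minutes=61)) is not None)
```

With the constructed tokens, accept_token_vulnerable(EXPIRED_TOKEN) is True while accept_token_fixed(EXPIRED_TOKEN) is False, and cache_demo() returns (True, False): the cached entry dies with the token, not with the cache TTL. Expiry is only half of token lifetime management; a revoked-but-unexpired token still needs a revocation list check, which this example does not model.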
Red Hat Security Advisory 2013-0942-01 - Kerberos is a network authentication system which allows clients and servers to authenticate to each other using symmetric encryption and a trusted third-party, the Key Distribution Center. It was found that kadmind's kpasswd service did not perform any validation on incoming network packets, causing it to reply to all requests. A remote attacker could use this flaw to send spoofed packets to a kpasswd service that appear to come from kadmind on a different server, causing the two services to keep replying to each other's packets indefinitely, consuming network bandwidth and CPU.
324d902438b6d9e19ed4e06eebdbd7e2f42306f58b641d1caa7d9302b9b0633f
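The reply-to-everything behaviour in the kpasswd advisory above, modelled as an added example (not krb5's code): the kpasswd datagram framing from RFC 3244 is a 2-byte total length, a 2-byte protocol version, a 2-byte AP-REQ length, the AP-REQ, then a KRB-PRIV; a server's error reply has the same shape with an AP length of 0 followed by a KRB-ERROR. A service that answers any datagram will answer another server's error reply, and the two bounce forever; one that only answers datagrams which parse as requests stays silent on the reflected reply and the loop dies after one packet. The FAKE_* byte strings are constructed stand-ins for the DER-encoded Kerberos structures, and the handler and simulation functions are this example's, not krb5's.

```python
import struct

# Protocol versions carried in the kpasswd header: 0x0001 is the original
# change-password protocol, 0xff80 is the RFC 3244 set-password extension.
KPASSWD_VERSIONS = {0x0001, 0xFF80}

# Constructed stand-ins for the DER-encoded Kerberos structures a real
# exchange carries; only their lengths matter to the framing checks below.
FAKE_AP_REQ = b"\x6e\x05AP-RQ"
FAKE_KRB_PRIV = b"\x75\x04PRIV"
FAKE_KRB_ERROR = b"\x7e\x03ERR"


def frame(version: int, ap_data: bytes, payload: bytes) -> bytes:
    """Wrap a kpasswd body: total length, version, AP length, AP data, payload."""
    body = struct.pack(">HH", version, len(ap_data)) + ap_data + payload
    return struct.pack(">H", 2 + len(body)) + body


def build_request() -> bytes:
    # What a client (or a spoofing attacker) sends: AP-REQ followed by KRB-PRIV.
    return frame(0x0001, FAKE_AP_REQ, FAKE_KRB_PRIV)


def build_error_reply() -> bytes:
    # What the server sends when it cannot validate the request:
    # AP-REP length 0 followed by a KRB-ERROR.
    return frame(0x0001, b"", FAKE_KRB_ERROR)


def parse_request(data: bytes):
    """Return (version, ap_req, krb_priv) for a well-formed request, else None."""
    if len(data) < 6:
        return None
    msg_len, version, ap_len = struct.unpack(">HHH", data[:6])
    if msg_len != len(data) or version not in KPASSWD_VERSIONS:
        return None
    # An AP length of 0 is the shape of a reply (KRB-ERROR), not a request:
    # refusing it is what stops a reflected reply from being answered again.
    if ap_len == 0 or 6 + ap_len >= len(data):
        return None
    return version, data[6:6 + ap_len], data[6 + ap_len:]


def vulnerable_handler(datagram: bytes):
    """Answers every datagram, whatever it contains."""
    return build_error_reply()


def fixed_handler(datagram: bytes):
    """Answers only datagrams that parse as requests; drops the rest silently."""
    if parse_request(datagram) is None:
        return None
    # A real server would now verify the AP-REQ and decrypt the KRB-PRIV;
    # the constructed AP-REQ cannot verify, so the model answers with an error.
    return build_error_reply()


def simulate_pingpong(handler, spoofed: bytes, max_rounds: int = 10) -> int:
    """Attacker sends one datagram to server A spoofed from server B's kpasswd
    port. Both servers run `handler`; count the datagrams they emit until one
    of them stays silent (capped at max_rounds)."""
    sent, pkt = 0, spoofed
    while sent < max_rounds:
        reply = handler(pkt)
        if reply is None:
            break
        sent += 1
        pkt = reply          # delivered to the other server
    return sent
```

simulate_pingpong(vulnerable_handler, build_request()) hits the cap (10 datagrams from a single spoofed packet, and would never stop without it), while simulate_pingpong(fixed_handler, build_request()) returns 1: server A answers the spoofed request with an error, server B refuses to answer an error. The same silence applies to random garbage, which is the other half of the advisory's "did not perform any validation".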
Mandriva Linux Security Advisory 2013-172 - Multiple vulnerabilities have been found and corrected in wireshark.
b09beca8d9f64555bd3598eeb06a46f0112c9470f0565aaa8c8178eaa85876bd
This bulletin summary lists 5 released Microsoft security bulletins for June, 2013.
bcd2474c5fd958405bda316e229be260bdda335cba1a9038ee71fd2d0d5145ee
HP Security Bulletin HPSBHF02885 - A potential security vulnerability has been identified with HP Integrated Lights-Out iLO3 and iLO4 using Single-Sign-On (SSO). The vulnerability could be remotely exploited resulting in unauthorized access. Revision 1 of this advisory.
89973d7098050d58960fc1694e7e08e01ea4289ddc3d393195224d347bc19aaa
Red Hat Security Advisory 2013-0928-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. A flaw was found in the way the vhost kernel module handled descriptors that spanned multiple regions. A privileged guest user in a KVM guest could use this flaw to crash the host or, potentially, escalate their privileges on the host.
1ad26616fc364b191167c6388801cd7215206c00055b03e985d94de46d251e6a
Ubuntu Security Notice 1872-1 - It was discovered that PHP incorrectly handled the quoted_printable_encode function. An attacker could use this flaw to cause PHP to crash, resulting in a denial of service, or to possibly execute arbitrary code.
fbd8d051d9e6248714ab202a81e246785553a1f7bd5fcbed9a22fcc82cc992d2
Slackware Security Advisory - New php packages are available for Slackware 12.1, 12.2, 13.0, 13.1, 13.37, 14.0, and -current to fix a security issue. Related CVE Numbers: CVE-2013-2110.
6afd4b12e66b9713592aeb171b4b0f52c4440c3a72fa3eefcf7e9194fbaad293
Fail2ban version 0.8.9 suffers from a denial of service vulnerability.
f76f159e42e87eaf9487498f0788795ab0ce200ba0820da608f8f5424a150a1f
Red Hat Security Advisory 2013-0888-01 - Red Hat Enterprise Virtualization Manager is a visual tool for centrally managing collections of virtual servers running Red Hat Enterprise Linux and Microsoft Windows. This package also includes the Red Hat Enterprise Virtualization Manager API, a set of scriptable commands that give administrators the ability to perform queries and operations on Red Hat Enterprise Virtualization Manager. It was found that permission checks were not performed on the target storage domain when cloning a virtual machine from a snapshot. An attacker could use this flaw to perform a denial of service attack, exhausting free disk space on the target storage domain.
d809108a0c0da5f0884217562d2f7b6e41d76a02d2f52d145bd8f09df5362cb8
Red Hat Security Advisory 2013-0925-01 - The rhev-guest-tools-iso package contains tools and drivers. These tools and drivers are required by supported Windows guest operating systems when installed as guests on Red Hat Enterprise Virtualization. An unquoted search path flaw was found in the way the Red Hat Enterprise Virtualization agent was installed on Windows. Depending on the permissions of the directories in the unquoted search path, a local, unprivileged user could use this flaw to have a binary of their choosing executed with SYSTEM privileges. An unquoted search path flaw was found in the way the SPICE service was installed on Windows. Depending on the permissions of the directories in the unquoted search path, a local, unprivileged user could use this flaw to have a binary of their choosing executed with SYSTEM privileges.
8d7db196110d9f06320c08dbe07475c7a4b5bfc348edcbc73086bfa0e0f4db04
Red Hat Security Advisory 2013-0924-01 - spice-vdagent-win provides a service and an agent that can be installed and run on Windows guests. An unquoted search path flaw was found in the way the SPICE service was installed on Windows. Depending on the permissions of the directories in the unquoted search path, a local, unprivileged user could use this flaw to have a binary of their choosing executed with SYSTEM privileges.
39738cdcf64417729f1bcd27a916f606a40c1299f7d19e25669edd587e1e3481
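The unquoted search path flaw in the two Red Hat advisories above (the Enterprise Virtualization agent and the SPICE service), as an added example that is not code from either advisory: for a service ImagePath such as C:\Program Files\Vendor\svc.exe that is not wrapped in quotes, Windows tries each space-delimited prefix in turn (C:\Program.exe, then C:\Program Files\Vendor\svc.exe), appending .exe to a prefix that has no extension, so a user who can write to one of those parent directories gets their binary run as SYSTEM. The code below derives those hijack candidates, audits a constructed service list, and produces the quoted form that fixes the entry. The service names and install paths are hypothetical, not the real Red Hat paths, and the function names are this example's.

```python
import ntpath

EXEC_EXTS = (".exe", ".com", ".bat", ".cmd")

# Constructed (name, ImagePath) pairs in the shape of Windows service registry
# entries; the Red Hat install paths are hypothetical, not the real ones.
SERVICES = [
    ("RHEV-Agent", r"C:\Program Files\Red Hat\RHEV-Agent\RHEV-Agent.exe"),
    ("vdservice",  r"C:\Program Files\Red Hat\SPICE\vdservice.exe"),
    ("Spooler",    r"C:\Windows\System32\spoolsv.exe"),
    ("QuotedOK",   r'"C:\Program Files\Vendor\svc.exe" -run'),
    ("WithArgs",   r"C:\Program Files\Vendor Tools\agent.exe -service"),
]


def is_unquoted_with_space(image_path: str) -> bool:
    """Only unquoted paths containing a space are ambiguous to CreateProcess."""
    p = image_path.strip()
    return not p.startswith('"') and " " in p


def hijack_candidates(image_path: str) -> list:
    """Files CreateProcess would try, in order, before reaching the real
    executable of an unquoted ImagePath: each space-delimited prefix, with
    .exe appended when the prefix has no extension."""
    parts = image_path.strip().split(" ")
    tried = []
    for i in range(1, len(parts) + 1):
        prefix = " ".join(parts[:i])
        if prefix.lower().endswith(EXEC_EXTS):
            break           # the intended binary; the search stops here
        if "." not in ntpath.basename(prefix):
            prefix += ".exe"
        tried.append(prefix)
    return tried


def quote_image_path(image_path: str) -> str:
    """The fix: quote the executable portion, keeping any arguments outside."""
    parts = image_path.strip().split(" ")
    for i in range(1, len(parts) + 1):
        exe = " ".join(parts[:i])
        if exe.lower().endswith(EXEC_EXTS):
            args = " ".join(parts[i:])
            return f'"{exe}"' + (f" {args}" if args else "")
    return image_path       # no recognisable executable; leave for manual review


def audit(services) -> dict:
    """Map each vulnerable service name to the paths an attacker could plant."""
    findings = {}
    for name, path in services:
        if is_unquoted_with_space(path):
            candidates = hijack_candidates(path)
            if candidates:
                findings[name] = candidates
    return findings
```

On the constructed list, audit(SERVICES) flags RHEV-Agent, vdservice and WithArgs and leaves Spooler and QuotedOK alone; RHEV-Agent's candidates are C:\Program.exe and C:\Program Files\Red.exe. Whether a finding is exploitable depends on the ACLs of those parent directories (C:\ and C:\Program Files are not writable by standard users on a default install, but vendor directories often are), so on a live host the candidate list is what you feed into an ACL check; the fix is to rewrite the service's ImagePath to the quoted form, which is what the updated packages do.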
Red Hat Security Advisory 2013-0911-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. A flaw was found in the way KVM initialized a guest's registered pv_eoi indication flag when entering the guest. An unprivileged guest user could potentially use this flaw to crash the host. A missing sanity check was found in the kvm_set_memory_region() function in KVM, allowing a user-space process to register memory regions pointing to the kernel address space. A local, unprivileged user could use this flaw to escalate their privileges.
4ea91716af9485fdaf2f63c4557f8a45dc42eca46d9ce7f61bd81b7aba88cb86
Red Hat Security Advisory 2013-0907-01 - The rhev-hypervisor6 package provides a Red Hat Enterprise Virtualization Hypervisor ISO disk image. The Red Hat Enterprise Virtualization Hypervisor is a dedicated Kernel-based Virtual Machine hypervisor. It includes everything necessary to run and manage virtual machines: A subset of the Red Hat Enterprise Linux operating environment and the Red Hat Enterprise Virtualization Agent. Note: Red Hat Enterprise Virtualization Hypervisor is only available for the Intel 64 and AMD64 architectures with virtualization extensions. A flaw was found in the way KVM initialized a guest's registered pv_eoi indication flag when entering the guest. An unprivileged guest user could potentially use this flaw to crash the host.
c5b2a5380fdbe6d50bc37c504a126e3ff1b8e4db8e9e20589a8f59d8f84a1e9b
Red Hat Security Advisory 2013-0886-01 - VDSM is a management module that serves as a Red Hat Enterprise Virtualization Manager agent on Red Hat Enterprise Virtualization Hypervisor or Red Hat Enterprise Linux hosts. A flaw was found in the way unexpected fields in guestInfo dictionaries were processed. A privileged guest user could potentially use this flaw to make the host the guest is running on unavailable to the management server. The CVE-2013-0167 issue was discovered by Dan Kenigsberg of the Red Hat Enterprise Virtualization team.
5ad85b5b12bcdb27221edc6cc06a9e3faf3363b5a36d34d02c0e3a14785a1ca2
Debian Linux Security Advisory 2706-1 - Several vulnerabilities have been discovered in the chromium web browser.
b694865cd0c253f7ed4ada8d59e9a97bb7844aa8c30c7334b72c3fb058be52c8
Debian Linux Security Advisory 2705-1 - Jibbers McGee discovered that pymongo, a high-performance schema-free document-oriented data store, is prone to a denial-of-service vulnerability. An attacker can remotely trigger a NULL pointer dereference causing MongoDB to crash.
00e591336cf07a8f2e95ed9d81b0a164f3bc60d5f23716f45e7d6918a56e3e28
Ubuntu Security Notice 1871-1 - Ilja van Sprundel discovered multiple security issues in various X.org libraries and components. An attacker could use these issues to cause applications to crash, resulting in a denial of service, or possibly execute arbitrary code.
c22bd1cae1cbd80fab4d001278af5bd13f17816f2d993318c00144f6151ab18d
Debian Linux Security Advisory 2704-1 - It was discovered that applications using the mesa library, a free implementation of the OpenGL API, may crash or execute arbitrary code due to an out of bounds memory access in the library. This vulnerability only affects systems with Intel chipsets.
fdadd1953f3d7908f47cebe66cd2ef9149ee87ce918a2e3a7b876adf5687e5e2
Debian Linux Security Advisory 2703-1 - Several vulnerabilities were discovered in Subversion, a version control system.
caddbfdb7658445ed7350579889cd63c0708db562c2ce97028ee36d9fc54f9bb
Bluetooth Chat Connect version 1.0 for iOS suffers from cross site scripting and denial of service vulnerabilities.
65f84266ca3b5cd9a93afb354991405e9577aab3627609b1bb372446e0c25408
A use-after-free memory corruption vulnerability was identified in Microsoft Internet Explorer 8. This allows a malicious user to remotely execute arbitrary code on a vulnerable user's machine, in the context of the current user. The memory corruption happens when the application of a style sheet performs style computations on the DOM. A DOM textNode pointer becomes corrupted after the style computation. This pointer is then overwritten when the innerHTML property on the parent object is set.
42e29adc4eef804c5f70dc15a5cf982d90aed29c7b2c9eba91d110e9941198d8