Mandriva Linux Security Advisory 2013-195 - A heap corruption vulnerability has been discovered and corrected in PHP.
Red Hat Security Advisory 2013-1060-01 - IBM Java SE version 7 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit.
Red Hat Security Advisory 2013-1059-01 - IBM Java SE version 6 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit.
This is a brief summary of how a security researcher discovered a use-after-free vulnerability in Microsoft Internet Explorer versions 6 and 7.
Red Hat Security Advisory 2013-1049-01 - PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. A buffer overflow flaw was found in the way PHP parsed deeply nested XML documents. If a PHP application used the xml_parse_into_struct() function to parse untrusted XML content, an attacker able to supply specially-crafted XML could use this flaw to crash the application or, possibly, execute arbitrary code with the privileges of the user running the PHP interpreter. All php users should upgrade to these updated packages, which contain a backported patch to resolve this issue. After installing the updated packages, the httpd daemon must be restarted for the update to take effect.
Red Hat Security Advisory 2013-1050-01 - PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. A buffer overflow flaw was found in the way PHP parsed deeply nested XML documents. If a PHP application used the xml_parse_into_struct() function to parse untrusted XML content, an attacker able to supply specially-crafted XML could use this flaw to crash the application or, possibly, execute arbitrary code with the privileges of the user running the PHP interpreter. All php53 users should upgrade to these updated packages, which contain a backported patch to resolve this issue. After installing the updated packages, the httpd daemon must be restarted for the update to take effect.
HP Security Bulletin HPSBST02890 3 - A potential security vulnerability has been identified with HP StoreOnce D2D Backup System. The vulnerability could be exploited remotely resulting in unauthorized access, modification, and escalation of privilege. Please note that this issue does not affect HP StoreOnce Backup systems that are running software version 3.0.0 or newer. Devices running software version 3.0.0 or newer do not have a HPSupport user account with a pre-set password configured. Revision 3 of this advisory.
Gentoo Linux Security Advisory 201307-1 - Multiple vulnerabilities have been found in HAProxy, allowing attackers to execute arbitrary code or cause Denial of Service. Versions less than 1.4.24 are affected.
Linksys WRT110 suffers from root shell command injection and cross site request forgery vulnerabilities.
Red Hat Security Advisory 2013-1024-01 - Updated Messaging component packages that fix one security issue and multiple bugs are now available for Red Hat Enterprise MRG 2.3 for Red Hat Enterprise Linux 6.
Mandriva Linux Security Advisory 2013-194 - Multiple vulnerabilities have been found and corrected in the Linux kernel. net/ceph/auth_none.c in the Linux kernel through 3.10 allows remote attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via an auth_reply message that triggers an attempted build_request operation. The HP Smart Array controller disk-array driver and Compaq SMART2 controller disk-array driver in the Linux kernel through 3.9.4 do not initialize certain data structures, which allows local users to obtain sensitive information from kernel memory via a crafted IDAGETPCIINFO command for a /dev/ida device, related to the ida_locked_ioctl function in drivers/block/cpqarray.c, or a crafted CCISS_PASSTHRU32 command for a /dev/cciss device, related to the cciss_ioctl32_passthru function in drivers/block/cciss.c. Various other issues have also been addressed. The updated packages provide a solution for these security issues.
Mandriva Linux Security Advisory 2013-193 - mod_dav.c in the Apache HTTP Server before 2.2.25 does not properly determine whether DAV is enabled for a URI, which allows remote attackers to cause a denial of service via a MERGE request in which the URI is configured for handling by the mod_dav_svn module, but a certain href attribute in XML data refers to a non-DAV URI. The updated packages have been upgraded to the latest 2.2.25 version which is not vulnerable to this issue.
Drupal TinyBox third party module version 7.x suffers from a cross site scripting vulnerability.
Red Hat Security Advisory 2013-1044-01 - The JBoss Seam 2 framework is an application framework for building web applications in Java. The RichFaces component is an open source framework that adds Ajax capability into existing JavaServer Faces applications. A flaw was found in the way RichFaces ResourceBuilderImpl handled deserialization. A remote attacker could use this flaw to trigger the execution of the deserialization methods in any serializable class deployed on the server. This could lead to a variety of security impacts depending on the deserialization logic of these classes.
Red Hat Security Advisory 2013-1045-01 - RichFaces is an open source framework that adds Ajax capability into existing JavaServer Faces applications. A flaw was found in the way RichFaces ResourceBuilderImpl handled deserialization. A remote attacker could use this flaw to trigger the execution of the deserialization methods in any serializable class deployed on the server. This could lead to a variety of security impacts depending on the deserialization logic of these classes. The fix for this issue introduces a whitelist to limit classes that can be deserialized by RichFaces.
Red Hat Security Advisory 2013-1043-01 - RichFaces is an open source framework that adds Ajax capability into existing JavaServer Faces applications. A flaw was found in the way RichFaces ResourceBuilderImpl handled deserialization. A remote attacker could use this flaw to trigger the execution of the deserialization methods in any serializable class deployed on the server. This could lead to a variety of security impacts depending on the deserialization logic of these classes. The fix for this issue introduces a whitelist to limit classes that can be deserialized by RichFaces.
Red Hat Security Advisory 2013-1042-01 - RichFaces is an open source framework that adds Ajax capability into existing JavaServer Faces applications. A flaw was found in the way RichFaces ResourceBuilderImpl handled deserialization. A remote attacker could use this flaw to trigger the execution of the deserialization methods in any serializable class deployed on the server. This could lead to a variety of security impacts depending on the deserialization logic of these classes. The fix for this issue introduces a whitelist to limit classes that can be deserialized by RichFaces.
Debian Linux Security Advisory 2719-1 - Multiple vulnerabilities were discovered in the poppler PDF rendering library.
Joomla AICONTACTSAFE version 2.0.19 suffers from a cross site scripting vulnerability.
Red Hat Security Advisory 2013-1041-01 - Red Hat JBoss Web Framework Kit combines popular open source web frameworks into a single solution for Java applications. This release serves as a replacement for Red Hat JBoss Web Framework Kit 2.2.0, and includes bug fixes and enhancements.
Drupal Stage File Proxy third party module version 7.x suffers from a denial of service vulnerability.
Adobe Reader version 11.0.03 installs multiple vulnerable third party components.
Drupal Hatch third party theme version 7.x suffers from a cross site scripting vulnerability.
Slackware Security Advisory - New dbus packages are available for Slackware 14.0, and -current to fix a security issue. Related CVE Numbers: CVE-2013-2168.
Red Hat Security Advisory 2013-1035-01 - The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. This update fixes three vulnerabilities in Adobe Flash Player. These vulnerabilities are detailed in the Adobe Security bulletin APSB13-17, listed in the References section. Specially-crafted SWF content could cause flash-plugin to crash or, potentially, execute arbitrary code when a victim loads a page containing the malicious SWF content. All users of Adobe Flash Player should install this updated package, which upgrades Flash Player to version 11.2.202.297.