Red Hat Security Advisory 2013-1370-01 - JBoss Remoting is a framework for building distributed applications in Java. A denial of service flaw was found in the implementation of the org.jboss.remoting.transport.socket.ServerThread class in JBoss Remoting. An attacker could use this flaw to exhaust all available file descriptors on the target server, preventing legitimate connections. Note that to exploit this flaw remotely, the remoting port must be exposed directly or indirectly.
2f0f54c9bf0bedc63785e77d98aa09278bdb1703dde38881c983600ac09113c6
Red Hat Security Advisory 2013-1369-01 - JBoss Remoting is a framework for building distributed applications in Java. A denial of service flaw was found in the implementation of the org.jboss.remoting.transport.socket.ServerThread class in JBoss Remoting. An attacker could use this flaw to exhaust all available file descriptors on the target server, preventing legitimate connections. Note that to exploit this flaw remotely, the remoting port must be exposed directly or indirectly.
5eae1344af2f036e1eb2cc5d11543dcc94f1bdc9e855ae032c89cbc1225c8e98
Red Hat Security Advisory 2013-1375-01 - Red Hat JBoss BRMS is a business rules management system for the management, storage, creation, modification, and deployment of JBoss Rules. This roll up patch serves as a cumulative upgrade for Red Hat JBoss BRMS 5.3.1. It includes various bug fixes. The following security issue is also fixed with this release: A flaw was found in the way Apache Santuario XML Security for Java validated XML signatures. Santuario allowed a signature to specify an arbitrary canonicalization algorithm, which would be applied to the SignedInfo XML fragment. A remote attacker could exploit this to spoof an XML signature via a specially-crafted XML signature block.
68bba849d3bdbb69ea196c5401a2ef2d4d9752eda2e2397b2820f5a265dde698
Red Hat Security Advisory 2013-1376-01 - In accordance with the Red Hat Enterprise Linux Errata Support Policy, Advanced Mission Critical for Red Hat Enterprise Linux 5.3 will be retired as of March 31, 2014, and support will no longer be provided. Accordingly, Red Hat will no longer provide updated packages, including critical impact security patches or urgent priority bug fixes, for Red Hat Enterprise Linux 5.3 AMC after that date. In addition, technical support through Red Hat's Global Support Services will no longer be provided after March 31, 2014. Note: This notification applies only to those customers with subscriptions for Advanced Mission Critical Support channels for Red Hat Enterprise Linux 5.3.
73e1be0941bbe841098303dafdb3f0a360f6a6363c3bbfa8e868726c767076d2
Red Hat Security Advisory 2013-1371-01 - JBoss Remoting is a framework for building distributed applications in Java. A denial of service flaw was found in the implementation of the org.jboss.remoting.transport.socket.ServerThread class in JBoss Remoting. An attacker could use this flaw to exhaust all available file descriptors on the target server, preventing legitimate connections. Note that to exploit this flaw remotely, the remoting port must be exposed directly or indirectly.
c60ac65bfa45cb3d4be939b34b4835db8d1dbe092a33f15ab0e6681305bd22f0
Red Hat Security Advisory 2013-1374-02 - JBoss Remoting is a framework for building distributed applications in Java. A denial of service flaw was found in the implementation of the org.jboss.remoting.transport.socket.ServerThread class in JBoss Remoting. An attacker could use this flaw to exhaust all available file descriptors on the target server, preventing legitimate connections. Note that to exploit this flaw remotely, the remoting port must be exposed directly or indirectly.
3822abe88fd2ebf9b45491a6d40dc1b60480b52dc968deb86d2651b5574eb0b3
Red Hat Security Advisory 2013-1373-03 - JBoss Remoting is a framework for building distributed applications in Java. A denial of service flaw was found in the implementation of the org.jboss.remoting.transport.socket.ServerThread class in JBoss Remoting. An attacker could use this flaw to exhaust all available file descriptors on the target server, preventing legitimate connections. Note that to exploit this flaw remotely, the remoting port must be exposed directly or indirectly.
ddea4eefe0ddb69240fa95146916bba81da877d0f75d2b461375422c1266a816
Red Hat Security Advisory 2013-1372-01 - JBoss Remoting is a framework for building distributed applications in Java. A denial of service flaw was found in the implementation of the org.jboss.remoting.transport.socket.ServerThread class in JBoss Remoting. An attacker could use this flaw to exhaust all available file descriptors on the target server, preventing legitimate connections. Note that to exploit this flaw remotely, the remoting port must be exposed directly or indirectly.
96619b0ad46c1cfa53e0dd9412fc689817f4d6769a86fcf4b024944eb95418d2
Ubuntu Security Notice 1981-1 - It was discovered that HPLIP incorrectly handled temporary files when using the fax capabilities. A local attacker could possibly use this issue to overwrite arbitrary files. This issue only applied to Ubuntu 10.04 LTS. Tim Waugh discovered that HPLIP incorrectly handled temporary files when printing. A local attacker could possibly use this issue to overwrite arbitrary files. In the default installation of Ubuntu 12.04 LTS and Ubuntu 12.10, this should be prevented by the Yama link restrictions. Various other issues were also addressed.
caed288246bf5bbcc535583ccaac571bc9aa7120e7c761f550150017c7e8dddc
Ubuntu Security Notice 1977-1 - An information leak was discovered in the handling of ICMPv6 Router Advertisement (RA) messages in the Linux kernel's IPv6 network stack. A remote attacker could exploit this flaw to cause a denial of service (excessive retries and address-generation outage), and consequently obtain sensitive information. Kees Cook discovered a flaw in the Human Interface Device (HID) subsystem of the Linux kernel. A physically proximate attacker could exploit this flaw to execute arbitrary code or cause a denial of service (heap memory corruption) via a specially crafted device that provides an invalid Report ID. Various other issues were also addressed.
9bcca0bc7a1d69809d8c472f7ee00b8e94a9064a972136ecf68fadf65156fd8e
Ubuntu Security Notice 1979-1 - Patrick J Cherry discovered that txt2man contained leftover debugging code that incorrectly created a temporary file. A local attacker could possibly use this issue to overwrite arbitrary files. In the default Ubuntu installation, this should be prevented by the Yama link restrictions.
f4d5073ca30139fcdb4c84c26250e6fafe08effaafd26c55c42ece53578c1ab4
Ubuntu Security Notice 1980-1 - Jonathan Claudius discovered that Vino incorrectly handled closing invalid connections. A remote attacker could use this issue to cause Vino to consume resources, resulting in a denial of service.
b22d7432e930f96bb7c0251a219c0f000e6805edc6cde35f9a411c55248ef6d8
Ubuntu Security Notice 1976-1 - An information leak was discovered in the handling of ICMPv6 Router Advertisement (RA) messages in the Linux kernel's IPv6 network stack. A remote attacker could exploit this flaw to cause a denial of service (excessive retries and address-generation outage), and consequently obtain sensitive information. Kees Cook discovered a flaw in the Human Interface Device (HID) subsystem of the Linux kernel. A physically proximate attacker could exploit this flaw to execute arbitrary code or cause a denial of service (heap memory corruption) via a specially crafted device that provides an invalid Report ID. Various other issues were also addressed.
9aa1649709dc1c7faa282c3d1189b01172f6c3015e4818589969a25d8f9e046a
Ubuntu Security Notice 1978-1 - It was discovered that libKDcraw incorrectly handled photo files. If a user or automated system were tricked into processing a specially crafted photo file, applications linked against libKDcraw could be made to crash, resulting in a denial of service.
6d8a53bf2ff631e9570f57da2208f08293846cf2d28a1b7ca8d15babdb745d58
Mandriva Linux Security Advisory 2013-244 - Davfs2, a filesystem client for WebDAV, calls the function system() insecurely while it is setuid root. This might allow a privilege escalation. The updated packages have been patched to correct this issue.
af7482beeb30b5336944896057c8df7f6c9b5cb4480241b35162b432c91c28d1
Debian Linux Security Advisory 2767-1 - Kingcope discovered that the mod_sftp and mod_sftp_pam modules of proftpd, a powerful modular FTP/SFTP/FTPS server, do not properly validate input before making pool allocations. An attacker can use this flaw to conduct denial of service attacks against the system running proftpd (resource exhaustion).
c168f2c8db8e3b37fe841ca599eabc5bfb2e009d8d467c911111d28986bd4846
Slackware Security Advisory - New seamonkey packages are available for Slackware 14.0 and -current to fix security issues.
1bb62992b4987cf317f491eda1c405c6939d3e15837d103ddd9deb8508150d29
Debian Linux Security Advisory 2766-1 - Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service, information leak or privilege escalation.
6db36db0cf544b0d71fd346914fc4f771d7d6bf477af2e61c0f394af113ed5df
Open-Xchange AppSuite versions prior to 7.2.2 suffer from multiple script insertion vulnerabilities.
2aba5dc117224326084b059611da7da81490ea0864a710e358a670e17e8c5326
Apache Camel versions 2.9.0 to 2.9.7, 2.10.0 to 2.10.6, 2.11.0 to 2.11.1, and 2.12.0 suffer from a remote command execution vulnerability based on how message headers are interpreted.
1f20fed4bf0aae4159245be3336a4b327d8066c6bab740968ed8bf4deb7260c6
Apple Security Advisory 2013-09-26-1 - iOS 7.0.2 is now available and addresses passcode lock security issues.
78bf4e20d83550ac24d39029e21f9d8b24c89776198824bbd44cccb8bcf7fc0d
Ubuntu Security Notice 1969-1 - Vince Weaver discovered a flaw in the perf subsystem of the Linux kernel on ARM platforms. A local user could exploit this flaw to gain privileges or cause a denial of service (system crash). A failure to validate block numbers was discovered in the Linux kernel's implementation of the XFS filesystem. A local user can cause a denial of service (system crash) if they can mount, or cause to be mounted, a corrupted or specially crafted XFS filesystem. Various other issues were also addressed.
47ad35992bbbc67f1cad43435747f29f94d5e87efbbfdb5dbc82e51fb177331e
Ubuntu Security Notice 1970-1 - Vince Weaver discovered a flaw in the perf subsystem of the Linux kernel on ARM platforms. A local user could exploit this flaw to gain privileges or cause a denial of service (system crash). A failure to validate block numbers was discovered in the Linux kernel's implementation of the XFS filesystem. A local user can cause a denial of service (system crash) if they can mount, or cause to be mounted, a corrupted or specially crafted XFS filesystem. Various other issues were also addressed.
5e12e33f49f1f5bf8779cfbdf49aaa4a002bb629cab6b20abc2852352af78ec2
Mandriva Linux Security Advisory 2013-243 - A race condition was found in the way the PolicyKit pkcheck utility checked process authorization when the process was specified by its process ID via the --process option. A local user could use this flaw to bypass intended PolicyKit authorizations and escalate their privileges.
91ca06b6329364c75747c0f85a55c45bc6033f08b2e6bb7fa73577a3bf412762
Gentoo Linux Security Advisory 201309-22 - Multiple vulnerabilities have been found in Squid, possibly resulting in remote Denial of Service. Versions less than 3.2.13 are affected.
0c44f7d361e4ed8a9c424771c417f381ffacb9d1092ef7260b173349c11cc6d9