Red Hat Security Advisory 2013-1603-02 - Luci is a web-based high availability administration application. A flaw was found in the way the luci service was initialized. If a system administrator started the luci service from a directory that was writable by a local user, that user could use this flaw to execute arbitrary code as the root or luci user. A flaw was found in the way luci generated its configuration file. The file was created as world readable for a short period of time, allowing a local user to gain access to the authentication secrets stored in the configuration file.
390b92c4abaa15b7e89a39f5215aff24625e8e3e48eef514bab0df512a2a6246
Red Hat Security Advisory 2013-1591-02 - OpenSSH is OpenBSD's Secure Shell protocol implementation. These packages include the core files necessary for the OpenSSH client and server. The default OpenSSH configuration made it easy for remote attackers to exhaust unauthorized connection slots and prevent other users from being able to log in to a system. This flaw has been addressed by enabling random early connection drops by setting MaxStartups to 10:30:100 by default. For more information, refer to the sshd_config man page. These updated openssh packages include numerous bug fixes and enhancements. Space precludes documenting all of these changes in this advisory. Users are directed to the Red Hat Enterprise Linux 6.5 Technical Notes, linked to in the References, for information on the most significant of these changes.
a4f28ff7392407cc2b25c64fb8ce70d6d9dd9cbe74095327d51804e531223977
Red Hat Security Advisory 2013-1536-02 - Libguestfs is a library and set of tools for accessing and modifying guest disk images. It was found that guestfish, which enables shell scripting and command line access to libguestfs, insecurely created the temporary directory used to store the network socket when started in server mode. A local attacker could use this flaw to intercept and modify other users' guestfish commands, allowing them to perform arbitrary guestfish actions with the privileges of a different user, or use this flaw to obtain authentication credentials.
2ea5dead0a2607a799545568508db440ef0819dada2e1fe26cb1ae151696e649
Debian Linux Security Advisory 2798-2 - The update for curl in DSA-2798-1 uncovered a regression affecting the curl command line tool behaviour (#729965). This update also disables host verification when the --insecure option is used.
ce1a6610897ebeb0ecc8600b5d5a1134408350f1241fe3beff51b07c1ce9e564
Drupal Core versions 6.x and 7.x suffer from PRNG weaknesses, cross site scripting and open redirection vulnerabilities.
8b71c2acab67fed36a5047f2121643a2cc7ad3f1855e24a59cd60198f53221de
Gentoo Linux Security Advisory 201311-13 - Multiple vulnerabilities have been found in OpenVPN, allowing remote attackers to read encrypted traffic. Versions less than 2.3.1 are affected.
d2f81af3f93b9da61e7132428ea1952938c2cc2f98696e6c78aa0f34389ff15f
Gentoo Linux Security Advisory 201311-12 - A vulnerability in Open DC Hub could result in execution of arbitrary code. Versions less than 0.8.2 are affected.
0639f78feef4b7766dd42b74cd9299e430c37af7bff8fced8f131c7c33e533f8
Gentoo Linux Security Advisory 201311-11 - A stack-based buffer overflow in CTorrent might allow a remote attacker to execute arbitrary code or cause a Denial of Service condition. Versions less than 3.3.2-r1 are affected.
737368af1259f8ff95a25fe794f06dd4030a9bc406f8acbd7d38c92617b20d93
Mandriva Linux Security Advisory 2013-270 - Multiple security issues were identified and fixed in Mozilla NSPR and NSS. Mozilla Network Security Services before 3.15.2 does not ensure that data structures are initialized before read operations, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger a decryption failure. Integer overflow in Mozilla Network Security Services 3.15 before 3.15.3 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a large size value. Various other issues were also addressed.
89688cb44f72d5c0610b28222e48ec4e53e14de8388bf3ba17ef5960b2f31817
Mandriva Linux Security Advisory 2013-269 - Multiple security issues were identified and fixed in Mozilla NSPR, NSS, and Firefox. Mozilla Network Security Services before 3.15.2 does not ensure that data structures are initialized before read operations, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger a decryption failure. Integer overflow in Mozilla Network Security Services 3.15 before 3.15.3 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a large size value. Various other issues have also been addressed.
5ff6af659aa173d788e6b24e0437553faf1a51ae5b75cb0fcc5088c05d600b14
Ubuntu Security Notice 2031-1 - Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted page, an attacker could possibly exploit these to cause a denial of service via application crash, potentially execute arbitrary code, or lead to information disclosure.
3684065bb99c7b7f886ea12ba63ebd3fae46ae85cf46667f49f7d182e3e6f644
Drupal Entity Reference third party module version 7.x suffers from an access bypass vulnerability.
79ec26c04814cae95cfa614ef3c9cf049782c96bcc442b5a595e09eb5d56a74d
Drupal EU Cookie Compliance third party module version 7.x suffers from a cross site request forgery vulnerability.
c30c092d31ec22a4a89a6e7afd57a697d9bf85b456388e714e46ab976d71fbde
Drupal Organic Groups third party module version 7.x suffers from an access bypass vulnerability.
92946572ee7bab6bb347a2ad606428b2f2932f8a7baea52cf920cc0f1f180618
Drupal Invitation third party module version 7.x suffers from an access bypass vulnerability.
176d222c03bc1e9a7a15daf5f2ef794edc06ffc1f8f08ea0cb40c33dbcae33e5
Mandriva Linux Security Advisory 2013-268 - A user could submit executable shell commands on the tail of what is passed with the -M switch for qsub. This was later passed to a pipe, making it possible for these commands to be executed as root on the pbs_server.
a4c6115df5d048c850bad6f088d5ab624ebf5cb3604103dc810827abac8ee136
FreeBSD Security Advisory - A memory corruption vulnerability exists in the post-authentication sshd process when an AES-GCM cipher (aes128-gcm@openssh.com or aes256-gcm@openssh.com) is selected during key exchange. If exploited, this vulnerability might permit code execution with the privileges of the authenticated user, thereby allowing a malicious user with valid credentials to bypass shell or command restrictions placed on their account.
878536e73df64b2ee9e3165866803aec2f9d6c286c5bb0c627ff2c9aed8e06fe
Mandriva Linux Security Advisory 2013-267 - Updated java-1.7.0-openjdk packages fix security vulnerabilities. Multiple input checking flaws were found in the 2D component native image parsing code. Multiple improper permission check issues were discovered in the 2D, CORBA, JNDI, and Libraries components in OpenJDK. Various other issues have also been addressed.
8b32231f3be824fc65edd36c6c741a539c6f8764b9f0b2df3642c98ec0f554d7
EMC Document Sciences xPression suffers from cross site request forgery, cross site scripting, remote SQL injection, open redirect, and directory traversal vulnerabilities.
e9ad599fa7aadd0343497f514a3525982b44b99c5dceb2b4c2ce1bfed295fcc7
Slackware Security Advisory - New seamonkey packages are available for Slackware 14.0, 14.1, and -current to fix security issues.
a3301a042bc8d951719327c15f57d7d9ef9ae27d0ca6bb827933869ea6a87b72
Slackware Security Advisory - New samba packages are available for Slackware 14.0, 14.1, and -current to fix security issues. Related CVE Numbers: CVE-2013-4475, CVE-2013-4476.
6077253fad54c06ed812c11cc13d9cb3628acec4c093751ec33306900bdd44f0
Mandriva Linux Security Advisory 2013-266 - Updated java-1.6.0-openjdk packages fix security vulnerabilities. Multiple input checking flaws were found in the 2D component native image parsing code. Multiple improper permission check issues were discovered in the 2D, CORBA, JNDI, and Libraries components in OpenJDK. Various other issues were also addressed.
80f00ff11dce05f1425ec1702654ef4d49baaf3e1c0ad1a7b758127c08efd279
Slackware Security Advisory - New openssh packages are available for Slackware 14.1 and -current to fix a security issue. Related CVE Numbers: CVE-2013-4548.
0ec99ec21c4e670141a83c9c5c98eeacd33c86ad07dc08457b0a9ce52e6e078b
Slackware Security Advisory - New mozilla-firefox packages are available for Slackware 13.37, 14.0, 14.1, and -current to fix security issues.
9664ec4fa4f868a394369a03400a8bfe78ad9682a2d514267d32851202799dd8
Gentoo Linux Security Advisory 201311-10 - Multiple vulnerabilities have been found in GraphicsMagick, allowing remote attackers to execute arbitrary code or cause a Denial of Service condition. Versions prior to 1.3.18 are affected.
e0c124eaa158477a4b9518946b776b08c9ff20ff126ef0c29d0bd17f28158e99