
Files

Red Hat Security Advisory 2013-1866-01
Posted Dec 22, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-1866-01 - This package contains the set of CA certificates chosen by the Mozilla Foundation for use with the Internet Public Key Infrastructure. It was found that a subordinate Certificate Authority mis-issued an intermediate certificate, which could be used to conduct man-in-the-middle attacks. This update renders that particular intermediate certificate as untrusted. All users should upgrade to this updated package. After installing the update, all applications using the ca-certificates package must be restarted for the changes to take effect.

tags | advisory
systems | linux, redhat
SHA-256 | accda667f78ff8099981a0fb59405a2a11831ff79f0da1e0432215a6689d219a
Red Hat Security Advisory 2013-1861-01
Posted Dec 22, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-1861-01 - Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. It was found that a subordinate Certificate Authority mis-issued an intermediate certificate, which could be used to conduct man-in-the-middle attacks. This update renders that particular intermediate certificate as untrusted. Note: This fix only applies to applications using the NSS Builtin Object Token. It does not render the certificates untrusted for applications that use the NSS library, but do not use the NSS Builtin Object Token.

tags | advisory
systems | linux, redhat
SHA-256 | b93ebb2cfc02975514c3187ccec01ca30870a5a28128e15aeec38b0985d7c860
Red Hat Security Advisory 2013-1863-01
Posted Dec 22, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-1863-01 - Candlepin is an open source entitlement management system. It tracks the products to which an owner has subscribed, and allows the owner to consume the subscriptions based on configurable business rules. It was discovered that, by default, Candlepin enabled a very weak authentication scheme if no setting was specified in the configuration file. This issue was discovered by Adrian Likins of Red Hat. Note: The configuration file as supplied by Subscription Asset Manager 1.2 and 1.3 had this unsafe authentication mode disabled; however, users who have upgraded from Subscription Asset Manager 1.1 or earlier and who have not added "candlepin.auth.trusted.enable = false" to the Candlepin configuration will be affected by this issue.

tags | advisory
systems | linux, redhat
advisories | CVE-2013-6439
SHA-256 | 82cfd38b99f73b14f049059fef5ce7bf585ea677694c6aa4c0762a3140ab6cb0
Red Hat Security Advisory 2013-1865-01
Posted Dec 22, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-1865-01 - In accordance with the Red Hat Enterprise Linux Errata Support Policy, Extended Lifecycle Support for Red Hat Enterprise Linux 3 will be retired as of January 30, 2014, and support will no longer be provided. Accordingly, Red Hat will no longer provide updated packages, including critical impact security patches or urgent priority bug fixes, for Red Hat Enterprise Linux 3 ELS after that date. In addition, technical support through Red Hat's Global Support Services will no longer be provided after January 30, 2014. Note: This notification applies only to those customers subscribed to the Extended Lifecycle Support channel for Red Hat Enterprise Linux 3.

tags | advisory
systems | linux, redhat
SHA-256 | 8528ad7b7a7ff0980f963bbeb4eec2779b4305466de28e693b34a3a00fae7f28
Red Hat Security Advisory 2013-1862-01
Posted Dec 22, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-1862-01 - Fuse ESB Enterprise is an integration platform based on Apache ServiceMix. Fuse MQ Enterprise, based on Apache ActiveMQ, is a standards compliant messaging system that is tailored for use in mission critical applications. This release of Fuse ESB Enterprise/MQ Enterprise 7.1.0 R1 P1 is an update to Fuse ESB Enterprise 7.1.0 and Fuse MQ Enterprise 7.1.0. It includes bug fixes.

tags | advisory
systems | linux, redhat
advisories | CVE-2013-1768, CVE-2013-4221, CVE-2013-4271, CVE-2013-4330, CVE-2013-4372
SHA-256 | cc87f20cac05b2c2a2ca841231613b725778a23e0f081c95d5e236ae38911461
Red Hat Security Advisory 2013-1860-01
Posted Dec 22, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-1860-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. An information leak flaw was found in the way the Linux kernel's device mapper subsystem, under certain conditions, interpreted data written to snapshot block devices. An attacker could use this flaw to read data from disk blocks in free space, which are normally inaccessible.

tags | advisory, kernel
systems | linux, redhat
advisories | CVE-2013-4299
SHA-256 | 301f5f962b95816587d1a1fb7f9d8ff0a219a188b36d79a20ef0aea295b1c9d3
Red Hat Security Advisory 2013-1864-01
Posted Dec 22, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-1864-01 - In accordance with the Red Hat Enterprise Linux Errata Support Policy, Extended Update Support for Red Hat Enterprise Linux 6.3 will be retired as of June 30, 2014, and support will no longer be provided. Accordingly, Red Hat will no longer provide updated packages, including critical impact security patches or urgent priority bug fixes, for Red Hat Enterprise Linux 6.3 EUS after that date. In addition, technical support through Red Hat's Global Support Services will no longer be provided after June 30, 2014. Note: This notification applies only to those customers subscribed to the Extended Update Support channel for Red Hat Enterprise Linux 6.3.

tags | advisory
systems | linux, redhat
SHA-256 | e952825d980f1e571ea253661845f87d9c403fbe10076c0da8cbf497c7ba3fe5
Ubuntu Security Notice USN-2061-1
Posted Dec 22, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2061-1 - Steven Hardy discovered that Keystone did not properly enforce trusts when using the ec2tokens API. An authenticated attacker could exploit this to retrieve a token not scoped to the trust and elevate privileges to the trustor's roles.

tags | advisory
systems | linux, ubuntu
advisories | CVE-2013-6391
SHA-256 | 4a72e7e031b8599672568b6b6d3ccbed930204fea6f3cf3ccf813dc6f2eeac03
Ubuntu Security Notice USN-2060-1
Posted Dec 22, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2060-1 - Michal Zalewski discovered that libjpeg and libjpeg-turbo incorrectly handled certain memory operations. An attacker could use this issue with a specially-crafted JPEG file to possibly expose sensitive information.

tags | advisory
systems | linux, ubuntu
advisories | CVE-2013-6629, CVE-2013-6630
SHA-256 | ada724d80f6116cda0c73d2efd4024177e4c219c100094a3b9792cfeff4db895
Debian Security Advisory 2824-1
Posted Dec 22, 2013
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2824-1 - Marc Deslauriers discovered that curl, a file retrieval tool, would mistakenly skip verifying the CN and SAN name fields when digital signature verification was disabled in the libcurl GnuTLS backend.

tags | advisory
systems | linux, debian
advisories | CVE-2013-6422
SHA-256 | f55a219a32ddbe9db5c005f18ae0103bf4244fbfe1a1a81408c6f333202d9d95
Mandriva Linux Security Advisory 2013-295
Posted Dec 22, 2013
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-295 - Genkin, Shamir and Tromer discovered that RSA key material could be extracted by using the sound generated by the computer during the decryption of some chosen ciphertexts. The updated packages have been patched to correct this issue.

tags | advisory
systems | linux, mandriva
advisories | CVE-2013-4576
SHA-256 | 3c334674013ce601808d392c2122d76c04aab3c1e8475ddbd9575f0e0687ed02
EMC Data Protection Advisor JBOSS Remote Code Execution
Posted Dec 20, 2013
Site emc.com

The EMC DPA Illuminator service (DPA_Illuminator.exe) listening on ports 8090 (tcp/http) and 8453 (tcp/https) embeds JBOSS servlets (JMXInvokerServlet and EJBInvokerServlet). These JBOSS servlets are vulnerable to a remote code execution vulnerability that allows for execution with NT AUTHORITY\SYSTEM privileges.

tags | advisory, remote, web, tcp, code execution
advisories | CVE-2012-0874
SHA-256 | 9eb60d2f0166c8c5ad74885e575d95784550f7cfa020c432d1df57b5cc8a29c8
Revive Adserver 3.0.1 SQL Injection
Posted Dec 20, 2013
Authored by Matteo Beccati

Revive Adserver versions 3.0.1 and below suffer from a remote SQL injection vulnerability. The XML-RPC delivery invocation script was failing to escape its input parameters in the same way the other delivery methods do, allowing attackers to inject arbitrary SQL code via the "what" parameter of the delivery XML-RPC methods. Also, the escaping technique used to handle such a parameter in the delivery scripts was based on the addslashes PHP function and has now been upgraded to use the dedicated escaping functions for the database in use.

tags | advisory, remote, arbitrary, php, sql injection
advisories | CVE-2013-7149
SHA-256 | aae6d650022d7cd159dfd9c7aa3425dd04b9ca82313106207d0a48c48043025f
Apple Security Advisory 2013-12-19-1
Posted Dec 20, 2013
Authored by Apple | Site apple.com

Apple Security Advisory 2013-12-19-1 - An integer overflow existed in the handling of .motn files which led to an out of bounds memory access. This issue was addressed through improved bounds checking.

tags | advisory, overflow
systems | apple
advisories | CVE-2013-6114
SHA-256 | 83fb4a6f570da86bd1acecf2795a558c8f827f1a3a1eadb210d497faad840f22
RSA Archer GRC Cross Site Scripting
Posted Dec 20, 2013
Site emc.com

RSA Archer GRC versions 5.4 P2 and 5.4 SP1 contain fixes for multiple cross site scripting vulnerabilities that could potentially be exploited by malicious users to compromise the affected system.

tags | advisory, vulnerability, xss
advisories | CVE-2013-6178
SHA-256 | 2ce8ca4e1e93acdd8a8433a7feff22bda50be99dc851f0979581da0574f407d2
Java XML Signature Denial Of Service Attack
Posted Dec 20, 2013
Authored by Colm O hEigeartaigh

The Apache Santuario XML Security for Java project is vulnerable to a Denial of Service (DoS) type attack leading to an OutOfMemoryError, which is caused by allowing Document Type Definitions (DTDs) when applying Transforms. From the 1.5.6 release onwards, DTDs will not be processed at all when the "secure validation" mode is enabled.

tags | advisory, java, denial of service
advisories | CVE-2013-4517
SHA-256 | 8718e8b28ba92f0c8d1021a89a00f91b0c89c346b43d6b5dba5031eb339cb16c
HP Security Bulletin HPSBGN02950
Posted Dec 20, 2013
Authored by HP | Site hp.com

HP Security Bulletin HPSBGN02950 - A potential security vulnerability has been identified in HP Autonomy Ultraseek. The vulnerability could be exploited as cross-site scripting (XSS). Revision 1 of this advisory.

tags | advisory, xss
advisories | CVE-2013-6196
SHA-256 | e4fb0ebcfafaf42700c0a3aacf329b2205389329661f3cecad27218e4cb439bf
Drupal Ubercart 6.x / 7.x Session Fixation
Posted Dec 20, 2013
Authored by mettasoul | Site drupal.org

Drupal Ubercart third party module versions 6.x and 7.x suffer from a session fixation vulnerability.

tags | advisory
SHA-256 | 9ec60eea550b5d680533fd41cd5b758f5099d04826925243e66b12879d6ec282
Hancom Office 2010 SE Buffer Overflow
Posted Dec 19, 2013
Authored by diroverflow

Hancom Office 2010 SE suffers from a buffer overflow vulnerability when parsing the TEXTART tag in .hml files. Version 8.5.8 is vulnerable.

tags | advisory, overflow
SHA-256 | 05541c8cc40849ea336d882d7811dc128a0cb46699ad4e48d5f4108d8f73f066
Ubuntu Security Notice USN-2059-1
Posted Dec 19, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2059-1 - Daniel Genkin, Adi Shamir, and Eran Tromer discovered that GnuPG was susceptible to an adaptive chosen ciphertext attack via acoustic emanations. A local attacker could use this attack to possibly recover private keys.

tags | advisory, local
systems | linux, ubuntu
advisories | CVE-2013-4576
SHA-256 | 16ac9e783f1fa692c48f7890174bad76117c06f8e39951e4f7f09ea68b7bdfaf
Mandriva Linux Security Advisory 2013-294
Posted Dec 19, 2013
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-294 - Multiple stack-based buffer overflows in file-xwd.c in the X Window Dump plug-in in GIMP 2.8.2 allow remote attackers to cause a denial of service and possibly execute arbitrary code via a large blue color mask in an XWD file. Integer overflow in the load_image function in file-xwd.c in the X Window Dump plug-in in GIMP 2.6.9 and earlier, when used with glib before 2.24, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a large color entries value in an X Window System image dump. Heap-based buffer overflow in the read_xwd_cols function in file-xwd.c in the X Window Dump plug-in in GIMP 2.6.9 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via an X Window System image dump with more colors than color map entries. The updated packages have been patched to correct these issues.

tags | advisory, remote, denial of service, overflow, arbitrary
systems | linux, mandriva
advisories | CVE-2012-5576, CVE-2013-1913, CVE-2013-1978
SHA-256 | 0c589706e06de2ee17c8adb14f2b13ecc5fc630ee2176e6b974e94db33c91251
Debian Security Advisory 2822-1
Posted Dec 19, 2013
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2822-1 - Bryan Quigley discovered an integer underflow in the Xorg X server which could lead to denial of service or the execution of arbitrary code.

tags | advisory, denial of service, arbitrary
systems | linux, debian
advisories | CVE-2013-6424
SHA-256 | 66fcbb72905303854553c318110502945ae96573c41cae030df8ed60812bede3
Debian Security Advisory 2823-1
Posted Dec 19, 2013
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2823-1 - Bryan Quigley discovered an integer underflow in Pixman which could lead to denial of service or the execution of arbitrary code.

tags | advisory, denial of service, arbitrary
systems | linux, debian
advisories | CVE-2013-6425
SHA-256 | b8a639a177afca1986b40d6051d055f2f313629e9a1e2173c1b845c9f2956f34
Debian Security Advisory 2821-1
Posted Dec 19, 2013
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2821-1 - Genkin, Shamir and Tromer discovered that RSA key material could be extracted by using the sound generated by the computer during the decryption of some chosen ciphertexts.

tags | advisory
systems | linux, debian
advisories | CVE-2013-4576
SHA-256 | 2c2d8746bfc6dea5665e9588d1a565e9aff727d819902a5cb1828388f1e982a2
Mandriva Linux Security Advisory 2013-293
Posted Dec 19, 2013
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-293 - An integer overflow flaw and a heap-based buffer overflow were found in the way GIMP loaded certain X Window System image dump files. A remote attacker could provide a specially crafted XWD image file that, when processed, would cause the XWD plug-in to crash or, potentially, execute arbitrary code with the privileges of the user running the GIMP.

tags | advisory, remote, overflow, arbitrary
systems | linux, mandriva
advisories | CVE-2013-1913, CVE-2013-1978
SHA-256 | 5e3bd9cac00599b26a7ec924df38599d0f1f666d992b0dd3e71b25bca6772aea
© 2022 Packet Storm. All rights reserved.