Ubuntu Security Notice 2096-1 - Pageexec reported a bug in the Linux kernel's recvmsg syscall when called from code using the x32 ABI. An unprivileged local user could exploit this flaw to cause a denial of service (system crash) or gain administrator privileges.
Debian Linux Security Advisory 2849-1 - Paras Sethia discovered that libcurl, a client-side URL transfer library, would sometimes mix up multiple HTTP and HTTPS connections with NTLM authentication to the same server, sending requests for one user over the connection authenticated as a different user.
Ubuntu Security Notice 2095-1 - Pageexec reported a bug in the Linux kernel's recvmsg syscall when called from code using the x32 ABI. An unprivileged local user could exploit this flaw to cause a denial of service (system crash) or gain administrator privileges.
Ubuntu Security Notice 2094-1 - Pageexec reported a bug in the Linux kernel's recvmsg syscall when called from code using the x32 ABI. An unprivileged local user could exploit this flaw to cause a denial of service (system crash) or gain administrator privileges.
WordPress Contact Form 7 versions 3.5.3 and below suffer from a remote shell upload vulnerability.
Ubuntu Security Notice 2092-1 - Asias He discovered that QEMU incorrectly handled SCSI controllers with more than 256 attached devices. A local user could possibly use this flaw to elevate privileges. It was discovered that QEMU incorrectly handled Xen disks. A local guest could possibly use this flaw to consume resources, resulting in a denial of service. This issue only affected Ubuntu 12.10 and Ubuntu 13.10. Various other issues were also addressed.
Ubuntu Security Notice 2093-1 - Martin Kletzander discovered that libvirt incorrectly handled reading memory tunables from LXC guests. A local user could possibly use this flaw to cause libvirtd to crash, resulting in a denial of service. This issue only affected Ubuntu 13.10. Dario Faggioli discovered that libvirt incorrectly handled the libxl driver. A local user could possibly use this flaw to cause libvirtd to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 13.10. Various other issues were also addressed.
Red Hat Security Advisory 2014-0124-01 - Apache Camel is a versatile open-source integration framework based on known Enterprise Integration Patterns. A flaw was found in Apache Camel's parsing of the FILE_NAME header. A remote attacker able to submit messages to a Camel route, which would write the provided message to a file, could provide expression language expressions in the FILE_NAME header that would be evaluated on the server. This could lead to arbitrary remote code execution in the context of the Camel server process. All users of Red Hat JBoss Fuse Service Works 6.0.0 as provided from the Red Hat Customer Portal are advised to apply this update.
Red Hat Security Advisory 2014-0113-01 - The openstack-keystone packages provide keystone, a Python implementation of the OpenStack Identity service API, which provides Identity, Token, Catalog, and Policy services. A flaw was discovered in the way the LDAP backend in keystone handled the removal of a role. A user could unintentionally be granted a role if the role being removed had not been previously granted to that user. Note that only OpenStack Identity setups using an LDAP backend were affected. All openstack-keystone users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue.
Red Hat Security Advisory 2014-0112-01 - The openstack-nova packages provide OpenStack Compute, which provides services for provisioning, managing, and using virtual machine instances. It was discovered that enabling "qpid_protocol = ssl" in the nova.conf file did not result in nova using SSL to communicate to Qpid. If Qpid was not configured to enforce SSL this could lead to sensitive information being sent unencrypted over the communication channel. A flaw was found in the way OpenStack Compute controlled the size of disk images. An authenticated remote user could use malicious compressed qcow2 disk images to consume large amounts of disk space, potentially causing a denial of service on the OpenStack Compute nodes.
Ubuntu Security Notice 2091-1 - This update disables the OTR v1 protocol to prevent protocol downgrade attacks.
Slackware Security Advisory - New bind packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, and -current to fix a security issue.
Drupal Tribune third party module versions 6.x and 7.x suffer from a cross site scripting vulnerability.
Drupal Services third party module version 7.x suffers from multiple access bypass vulnerabilities.
Slackware Security Advisory - New mozilla-nss packages are available for Slackware 14.0, 14.1, and -current to fix a security issue.
Gentoo Linux Security Advisory 201401-33 - A vulnerability has been found in the Digest-Base Perl module, allowing remote attackers to execute arbitrary code. Versions less than 1.170.0 are affected.
Gentoo Linux Security Advisory 201401-34 - Multiple vulnerabilities have been found in BIND, possibly resulting in Denial of Service. Versions less than 9.9.4_p2 are affected.
Red Hat Security Advisory 2014-0108-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. It was found that the Xen hypervisor did not always lock 'page_alloc_lock' and 'grant_table.lock' in the same order. This could potentially lead to a deadlock. A malicious guest administrator could use this flaw to cause a denial of service on the host.
Red Hat Security Advisory 2014-0103-01 - The libvirt library is a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. In addition, libvirt provides tools for remote management of virtualized systems. A use-after-free flaw was found in the way several libvirt block APIs handled domain jobs. A remote attacker able to establish a read-only connection to libvirtd could use this flaw to crash libvirtd or, potentially, execute arbitrary code with the privileges of the libvirtd process.
Red Hat Security Advisory 2014-0100-01 - The kernel-rt packages contain the Linux kernel, the core of any Linux operating system. A flaw was found in the way the Linux kernel's TCP/IP protocol suite implementation handled sending of certain UDP packets over sockets that used the UDP_CORK option when the UDP Fragmentation Offload feature was enabled on the output device. A local, unprivileged user could use this flaw to cause a denial of service or, potentially, escalate their privileges on the system. A flaw was found in the way the perf_trace_event_perm() function in the Linux kernel checked permissions for the function tracer functionality. An unprivileged local user could use this flaw to enable function tracing and cause a denial of service on the system.
Red Hat Security Advisory 2014-0097-01 - These packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Java Software Development Kit. An input validation flaw was discovered in the font layout engine in the 2D component. A specially crafted font file could trigger a Java Virtual Machine memory corruption when processed. An untrusted Java application or applet could possibly use this flaw to bypass Java sandbox restrictions. Multiple improper permission check issues were discovered in the CORBA and JNDI components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions.
Ubuntu Security Notice 2090-1 - Christoph Biedl discovered that Munin incorrectly handled certain multigraph data. A remote attacker could use this issue to cause Munin to consume resources, resulting in a denial of service. Christoph Biedl discovered that Munin incorrectly handled certain multigraph service names. A remote attacker could use this issue to cause Munin to stop data collection, resulting in a denial of service. Various other issues were also addressed.
Gentoo Linux Security Advisory 201401-32 - Multiple vulnerabilities were found in Exim, the worst of which leads to remote execution of arbitrary code with root privileges. Versions less than 4.80.1 are affected.
Gentoo Linux Security Advisory 201401-31 - A vulnerability in CEDET could result in privilege escalation. Versions less than 1.0.1 are affected.
Gentoo Linux Security Advisory 201401-30 - Multiple vulnerabilities have been found in the Oracle JRE/JDK, allowing attackers to cause unspecified impact. Versions less than or equal to 1.6.0.45 are affected.