Debian Linux Security Advisory 2891-1 - Several vulnerabilities were discovered in MediaWiki, a wiki engine.
cd5776f1a1d81c9161dcf857098c8b2d1dd8f0ecc0834c564f76e6445537d711
Debian Linux Security Advisory 2890-1 - Two vulnerabilities were discovered in libspring-java, the Debian package for the Java Spring framework.
27f9ee57599c732f28379d5fd74abab6f97c737a3bcf24f10c2f7392d21aa918
Red Hat Security Advisory 2014-0344-01 - Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. It was found that when JBoss Web processed a series of HTTP requests in which at least one request contained either multiple content-length headers, or one content-length header with a chunked transfer-encoding header, JBoss Web would incorrectly handle the request. A remote attacker could use this flaw to poison a web cache, perform cross-site scripting attacks, or obtain sensitive information from other requests.
3f3acd558c38d4a1ccfb6f2b8bec52c3ae93d8bb93ba8db626244df22e8c8a38
Red Hat Security Advisory 2014-0342-01 - Wireshark is a network protocol analyzer. It is used to capture and browse the traffic running on a computer network. Two flaws were found in Wireshark. If Wireshark read a malformed packet off a network or opened a malicious dump file, it could crash or, possibly, execute arbitrary code as the user running Wireshark. Several denial of service flaws were found in Wireshark. Wireshark could crash or stop responding if it read a malformed packet off a network, or opened a malicious dump file.
fb4636b121cc06c3f8f983ea3435be6d5e3e08969f2723469ce849ffee9c90ce
Red Hat Security Advisory 2014-0345-01 - Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. It was found that when JBoss Web processed a series of HTTP requests in which at least one request contained either multiple content-length headers, or one content-length header with a chunked transfer-encoding header, JBoss Web would incorrectly handle the request. A remote attacker could use this flaw to poison a web cache, perform cross-site scripting attacks, or obtain sensitive information from other requests.
d60440c19355c7c09e42866458a7ac9981825da1b0b456b641cb370c61340940
Red Hat Security Advisory 2014-0343-01 - Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. It was found that when JBoss Web processed a series of HTTP requests in which at least one request contained either multiple content-length headers, or one content-length header with a chunked transfer-encoding header, JBoss Web would incorrectly handle the request. A remote attacker could use this flaw to poison a web cache, perform cross-site scripting attacks, or obtain sensitive information from other requests.
2c3501de41dad7648e0b0ec1fc7cf09a1c34b786bb2e3f7402306edcde85d3e2
Red Hat Security Advisory 2014-0341-01 - Wireshark is a network protocol analyzer. It is used to capture and browse the traffic running on a computer network. Multiple flaws were found in Wireshark. If Wireshark read a malformed packet off a network or opened a malicious dump file, it could crash or, possibly, execute arbitrary code as the user running Wireshark. Several denial of service flaws were found in Wireshark. Wireshark could crash or stop responding if it read a malformed packet off a network, or opened a malicious dump file.
b531a7447c88b6daa2a1487c069a72622b42551b72216051e073e1ca4e49bc98
Red Hat Security Advisory 2014-0340-01 - In accordance with the Red Hat Enterprise Developer Toolset Life Cycle policy, the Red Hat Developer Toolset Version 1 offering will be retired as of June 30, 2014, and support will no longer be provided. Accordingly, Red Hat will no longer provide updated packages, including critical impact security patches or urgent priority bug fixes, for Developer Toolset Version 1 after June 30, 2014. In addition, technical support through Red Hat's Global Support Services will no longer be provided for Red Hat Developer Toolset Version 1 after this date. We encourage customers to plan their migration from Red Hat Enterprise Developer Toolset Version 1 to a more recent release of Red Hat Developer Toolset. As a benefit of the Red Hat subscription model, customers can use their active Red Hat Developer Toolset subscriptions to entitle any system on a currently supported version of this product.
fad6fd6b2752093091cbe4719dd22ca5b0fd8130476fe260d36fe381ec81137d
Red Hat Security Advisory 2014-0339-01 - The rhev-hypervisor6 package provides a Red Hat Enterprise Virtualization Hypervisor ISO disk image. The Red Hat Enterprise Virtualization Hypervisor is a dedicated Kernel-based Virtual Machine hypervisor. It includes everything necessary to run and manage virtual machines: a subset of the Red Hat Enterprise Linux operating environment and the Red Hat Enterprise Virtualization Agent. Note: Red Hat Enterprise Virtualization Hypervisor is only available for the Intel 64 and AMD64 architectures with virtualization extensions. It was discovered that GnuTLS did not correctly handle certain errors that could occur during the verification of an X.509 certificate, causing it to incorrectly report a successful verification. An attacker could use this flaw to create a specially crafted certificate that could be accepted by GnuTLS as valid for a site chosen by the attacker.
27433747bde26addd9b3464670fd4f3098c0354c6a1ecdaa823c9aff3f2c26ee
Debian Linux Security Advisory 2891-2 - In the MediaWiki update issued as DSA 2891-1, a few files were missing from the package. This update corrects that problem.
9f5bf02fc06867cb3e9bab406d4c6f55a8099580c8d026245672cf4672def2a2
Apache ModSecurity versions prior to 2.7.6 appear to suffer from a filter evasion vulnerability via chunked requests.
b4577633493ef0b6de597cd73adb4abb6e8f136bc25547ae839a067e7209bd00
Slackware Security Advisory - New seamonkey packages are available for Slackware 14.0, 14.1, and -current to fix security issues.
62e2803d1077490bc2ecda2387b52e9eb3db0fc8c4b9ce06938637ceff9ae9f1
Slackware Security Advisory - New openssh packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, and -current to fix a security issue.
3de211c34bb48756bad2a6643d32350fc340d729d5c68ece7d1a140aa017252b
Slackware Security Advisory - New mozilla-thunderbird packages are available for Slackware 14.1 and -current to fix security issues.
d20713213e1f498660bb8b43f4fbc662136bfc2b790071d4f7b2be3a9b9051da
Slackware Security Advisory - New mozilla-nss packages are available for Slackware 14.0, 14.1, and -current to fix a security issue.
6120fb4a8bf6d6ae054f4a491f7039bf7641e93ba9382dbe574ea9e812474ccc
Slackware Security Advisory - New mozilla-firefox packages are available for Slackware 14.1 and -current to fix security issues.
334938e89e2d3072c73f300991ac514dc6ea30b1d9b395eb8f4969e48e99e779
Slackware Security Advisory - New httpd packages are available for Slackware 14.0, 14.1, and -current to fix security issues.
11220e483e0470a5c002fab2accd9c67a8f9231abc1cf27ee995893039c1e38c
Slackware Security Advisory - New curl packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, and -current to fix security issues.
4fbd2389486aa3af7ea8d9c620951216e696c1a2f7cd4f5c668793bc276a08f3
Debian Linux Security Advisory 2889-1 - An SQL injection vulnerability was discovered in postfixadmin, a web administration interface for the Postfix Mail Transport Agent, which allowed authenticated users to make arbitrary manipulations to the database.
6c98896315477340680db98e02791077026f5bb90eef2f49e4ff280754b1c63a
Debian Linux Security Advisory 2888-1 - Toby Hsieh, Peter McLarnan, Ankit Gupta, Sudhir Rao and Kevin Reintjes discovered multiple cross-site scripting and denial of service vulnerabilities in Ruby Actionpack.
423a0919621086aaccc30b1f280aaa8df27b793c92b30df5b3341a89bb7b74d0
Symantec LiveUpdate Administrator versions 2.3.2.99 and below suffer from password reset and remote SQL injection vulnerabilities.
11f001616a25bdfdf4be738bd0ef7f77bf985f9f7a0f5c873331ffa8305ed340
LibYAML versions 0.1.5 and below are affected by a heap-based buffer overflow which can lead to arbitrary code execution. The vulnerability is caused by lack of proper expansion for the string passed to the yaml_parser_scan_uri_escapes() function. A specially crafted YAML file, with a long sequence of percent-encoded characters in a URL, can be used to trigger the overflow.
801017e1ff1d3bdeae05eeef0c85d7625a0088eef454bd42667d1a259ef47ff8
HP Security Bulletin HPSBST02968 2 - A potential security vulnerability has been identified with certain HP StoreOnce appliances. This vulnerability could be exploited to allow remote unauthorized access to the appliance. Revision 2 of this advisory.
381ca615d8d8fface93b274db6423d82a2e18741438d20d4c269d5e2cb2270f8
Debian Linux Security Advisory 2887-1 - Aaron Neyer discovered that missing input sanitizing in the logging component of Ruby Actionmailer could result in denial of service through a malformed e-mail message.
a3b48a31da8b85333d9e14e6c946b5b226635072b357a1c97013b03a850b0350
EMC VPLEX GeoSynchrony versions 4.0 through 5.2.1 suffer from path traversal, timeout validity, session fixation, and various other vulnerabilities.
865ebcefce882874598ff43ecc2a95087b307183385a9a725bb5ad0baf892e95