
Files

Red Hat Security Advisory 2014-0328-01
Posted Mar 25, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0328-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. A flaw was found in the way the get_rx_bufs() function in the vhost_net implementation in the Linux kernel handled error conditions reported by the vhost_get_vq_desc() function. A privileged guest user could use this flaw to crash the host. A flaw was found in the way the Linux kernel processed an authenticated COOKIE_ECHO chunk during the initialization of an SCTP connection. A remote attacker could use this flaw to crash the system by initiating a specially crafted SCTP handshake in order to trigger a NULL pointer dereference on the system.

tags | advisory, remote, kernel
systems | linux, redhat
advisories | CVE-2013-1860, CVE-2014-0055, CVE-2014-0069, CVE-2014-0101
SHA-256 | 89d9790834be4c375db2c9b80b34a6a4d366543a7220b333921532be2e3a6db5
Ubuntu Security Notice USN-2155-1
Posted Mar 25, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2155-1 - Jann Horn discovered that OpenSSH incorrectly handled wildcards in AcceptEnv lines. A remote attacker could use this issue to possibly bypass certain intended environment variable restrictions.

tags | advisory, remote
systems | linux, ubuntu
advisories | CVE-2014-2532
SHA-256 | bdab8f1f7c649a8126f6b3e5005887d52b74e90bdcf86a7ec2876e9b2f3169bb
WinRAR 4.20 File Extension Spoofing
Posted Mar 25, 2014
Authored by Danor Cohen

WinRAR version 4.20 suffers from a file extension spoofing vulnerability.

tags | advisory, spoof
SHA-256 | 82cbbc5f4144a0fc90c9e134c84a23a3de5dbc828d91d37dafd7aa754218b05c
Deutsche Telekom CERT Advisory DTC-A-20140324-004
Posted Mar 25, 2014
Authored by Deutsche Telekom CERT

Nagios 3.5.0 suffers from an off-by-one memory access vulnerability.

tags | advisory
advisories | CVE-2013-7108
SHA-256 | 69651640bf2e907cef3c5b36888f005619b1f471351155a6054b7efd9226bb08
Deutsche Telekom CERT Advisory DTC-A-20140324-003
Posted Mar 25, 2014
Authored by Deutsche Telekom CERT

Icinga version 1.9.1 suffers from buffer overflow and off-by-one memory access vulnerabilities.

tags | advisory, overflow, vulnerability
advisories | CVE-2013-7106, CVE-2013-7108
SHA-256 | a80f7605d0c312fc041a1a22841376ec743fc06341d21397c2f1cd1348d95d96
Deutsche Telekom CERT Advisory DTC-A-20140324-002
Posted Mar 25, 2014
Authored by Deutsche Telekom CERT

check_mk version 1.2.2p2 suffers from possible command execution, cross site request forgery, cross site scripting, and arbitrary deletion vulnerabilities.

tags | advisory, arbitrary, vulnerability, xss, csrf
advisories | CVE-2014-2329, CVE-2014-2330, CVE-2014-2331, CVE-2014-2332
SHA-256 | 805993d64a93f7667967f255ea59069a2875f8da5ef1aed9aa89e3ee8e21f148
Deutsche Telekom CERT Advisory DTC-A-20140324-001
Posted Mar 25, 2014
Authored by Deutsche Telekom CERT

Cacti version 0.8.7g suffers from stored cross site scripting, cross site request forgery, and possible command execution vulnerabilities.

tags | advisory, vulnerability, xss, csrf
advisories | CVE-2014-2326, CVE-2014-2327, CVE-2014-2328
SHA-256 | a60f85a2d28f7d6505f3ecacf176ca9ddaef9f4003db247563075b71d7f4162d
Ubuntu Security Notice USN-2154-1
Posted Mar 24, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2154-1 - The ca-certificates package contained outdated CA certificates. This update refreshes the included certificates to those contained in the 20130906 package.

tags | advisory
systems | linux, ubuntu
SHA-256 | db0bb7598d0ce78b823879d8616fc042fa6c46ae17e6aa342b29fc69a0ba253a
Ubuntu Security Notice USN-2153-1
Posted Mar 24, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2153-1 - Kees Cook discovered that initramfs-tools incorrectly mounted /run without the noexec option, contrary to expected behaviour.

tags | advisory
systems | linux, ubuntu
SHA-256 | 0c0be50832191b5dd596c547394e1fef8f12e9e8ef6f54a4d8205d8eaaae8cda
RSA BSAFE Micro Edition Suite (MES) 4.0.x Denial Of Service
Posted Mar 24, 2014
Site emc.com

RSA BSAFE MES 4.0.5 contains a fix for a security vulnerability that could potentially be exploited by malicious users to deny access to the affected system.

tags | advisory
advisories | CVE-2014-0628
SHA-256 | dfe19b0d0c102e00ac21bfdce90d832a779c6e7fcfdf9adf1d7faa4dce766eea
Debian Security Advisory 2883-1
Posted Mar 24, 2014
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2883-1 - Several vulnerabilities have been discovered in the chromium web browser.

tags | advisory, web, vulnerability
systems | linux, debian
advisories | CVE-2013-6653, CVE-2013-6654, CVE-2013-6655, CVE-2013-6656, CVE-2013-6657, CVE-2013-6658, CVE-2013-6659, CVE-2013-6660, CVE-2013-6661, CVE-2013-6663, CVE-2013-6664, CVE-2013-6665, CVE-2013-6666, CVE-2013-6667, CVE-2013-6668, CVE-2014-1700, CVE-2014-1701, CVE-2014-1702, CVE-2014-1703, CVE-2014-1704, CVE-2014-1705, CVE-2014-1713, CVE-2014-1715
SHA-256 | 20d2cc124c759b4aeafe649d18d538e924cbb1dda3765de0b62d0d053aa72638
Ubuntu Security Notice USN-2152-1
Posted Mar 24, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2152-1 - Ning Zhang & Amin Tora discovered that the mod_dav module incorrectly handled whitespace characters in CDATA sections. A remote attacker could use this issue to cause the server to stop responding, resulting in a denial of service. Rainer M Canavan discovered that the mod_log_config module incorrectly handled certain cookies. A remote attacker could use this issue to cause the server to stop responding, resulting in a denial of service. This issue only affected Ubuntu 12.04 LTS, Ubuntu 12.10 and Ubuntu 13.10. Various other issues were also addressed.

tags | advisory, remote, denial of service
systems | linux, ubuntu
advisories | CVE-2013-6438, CVE-2014-0098
SHA-256 | 70897e4a151774b44bf8ff4c6dde27469165bc65253008e06cba703d1f29a859
Red Hat Security Advisory 2014-0323-01
Posted Mar 24, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0323-01 - Red Hat JBoss Fuse 6.0.0 is an integration platform based on Apache ServiceMix. Red Hat JBoss A-MQ 6.0.0, based on Apache ActiveMQ, is a standards compliant messaging system that is tailored for use in mission critical applications. This patch is an update to Red Hat JBoss Fuse 6.0.0 and Red Hat JBoss A-MQ 6.0.0. It includes bug fixes, which are documented in the readme file included with the patch files.

tags | advisory
systems | linux, redhat
advisories | CVE-2013-7285, CVE-2014-0002, CVE-2014-0003
SHA-256 | 4033631904ad3db4b86abd7def5c87820283de0a4d5d1c79aaedd5f2366bee35
Red Hat Security Advisory 2014-0322-01
Posted Mar 24, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0322-01 - The net-snmp packages provide various libraries and tools for the Simple Network Management Protocol, including an SNMP library, an extensible agent, tools for requesting or setting information from SNMP agents, tools for generating and handling SNMP traps, a version of the netstat command which uses SNMP, and a Tk/Perl Management Information Base browser. A denial of service flaw was found in the way snmpd, the Net-SNMP daemon, handled subagent timeouts. A remote attacker able to trigger a subagent timeout could use this flaw to cause snmpd to loop infinitely or crash.

tags | advisory, remote, denial of service, perl, protocol
systems | linux, redhat
advisories | CVE-2012-6151, CVE-2014-2285
SHA-256 | 82b41a8b11f98433502f365e31a509572e514c0d50441c3f75ead69dbd1d31f9
Red Hat Security Advisory 2014-0321-01
Posted Mar 24, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0321-01 - The net-snmp packages provide various libraries and tools for the Simple Network Management Protocol, including an SNMP library, an extensible agent, tools for requesting or setting information from SNMP agents, tools for generating and handling SNMP traps, a version of the netstat command which uses SNMP, and a Tk/Perl Management Information Base browser. A buffer overflow flaw was found in the way the decode_icmp_msg() function in the ICMP-MIB implementation processed Internet Control Message Protocol message statistics reported in the /proc/net/snmp file. A remote attacker could send a message for each ICMP message type, which could potentially cause the snmpd service to crash when processing the /proc/net/snmp file.

tags | advisory, remote, overflow, perl, protocol
systems | linux, redhat
advisories | CVE-2014-2284
SHA-256 | eed20b6823d411b76ec67ad4e096e4db4919dcef35c74801bb53e46ffbac5c15
Debian Security Advisory 2873-2
Posted Mar 24, 2014
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2873-2 - It was discovered that the recent file update, DSA-2873-1, introduced a regression in the recognition of Perl scripts containing BEGIN code blocks.

tags | advisory, perl
systems | linux, debian
SHA-256 | 139056d024e837938143454b0c60fea8616e2792361357360989db9949788139
Ubuntu Security Notice USN-2151-1
Posted Mar 21, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2151-1 - Benoit Jacob, Olli Pettay, Jan Varga, Jan de Mooij, Jesse Ruderman, Dan Gohman and Christoph Diehl discovered multiple memory safety issues in Thunderbird. If a user were tricked into opening a specially crafted message with scripting enabled, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Thunderbird. Atte Kettunen discovered an out-of-bounds read during WAV file decoding. If a user had enabled audio, an attacker could potentially exploit this to cause a denial of service via application crash. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2014-1493, CVE-2014-1497, CVE-2014-1505, CVE-2014-1508, CVE-2014-1509, CVE-2014-1510, CVE-2014-1511, CVE-2014-1512, CVE-2014-1513, CVE-2014-1514
SHA-256 | b9c5d05796f3964f78637e76f8a8bd653489461cb18c7c6f49a37f26b22188a3
Nessus 5.2.1 Local Privilege Escalation
Posted Mar 21, 2014
Authored by Neil Jones | Site nccgroup.com

An authenticated Nessus scan of a target machine may result in local privilege escalation on that target machine if scanned with the Malicious Process Detection plugin (Plugin ID 59275). The Malicious Process Detection plugin created a service which ran as SYSTEM; however, this binary could be modified by a low level user, allowing for privilege escalation. Nessus appliance engine version 5.2.1 with plugin set 201402092115 is affected.

tags | advisory, local
SHA-256 | 8648f4d711efe44b31bdee0acb14cb37b88fd4f1a78ae2f87ff9765acf082452
Mandriva Linux Security Advisory 2014-066
Posted Mar 20, 2014
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2014-066 - A vulnerability has been found and corrected in Mozilla NSS. In a wildcard certificate, the wildcard character should not be embedded within the U-label of an internationalized domain name. See the last bullet point in RFC 6125, Section 7.2. The updated packages have been upgraded to the latest NSPR and NSS versions, which are not vulnerable to this issue. Additionally, the rootcerts package has also been updated to version 1.97, which adds, removes, and distrusts several certificates.

tags | advisory
systems | linux, mandriva
advisories | CVE-2014-1492
SHA-256 | 3744078e3d10024e3dbb4c8a6fcc1632a55fb1a945271f81437b6a35e2bcc023
Debian Security Advisory 2882-1
Posted Mar 20, 2014
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2882-1 - Multiple cross-site scripting (XSS) vulnerabilities have been discovered in extplorer, a web file explorer and manager using Ext JS. Remote attackers can inject arbitrary web script or HTML code via a crafted string in the URL to application.js.php, admin.php, copy_move.php, functions.php, header.php and upload.php.

tags | advisory, remote, web, arbitrary, php, vulnerability, xss
systems | linux, debian
advisories | CVE-2013-5951
SHA-256 | e3053e7347129fdb8313688624203b8e5e42f057cbd0d08621883f98cf90f5f2
Mandriva Linux Security Advisory 2014-065
Posted Mar 20, 2014
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2014-065 - Multiple vulnerabilities have been found and corrected in apache. XML parsing code in mod_dav incorrectly calculates the end of the string when removing leading spaces and places a NUL character outside the buffer, causing random crashes. This XML parsing code is only used with DAV provider modules that support DeltaV, of which the only publicly released provider is mod_dav_svn. A flaw was found in mod_log_config. A remote attacker could send a specific truncated cookie causing a crash. This crash would only be a denial of service if using a threaded MPM. The updated packages have been upgraded to the latest 2.2.27 version, which is not vulnerable to these issues.

tags | advisory, remote, denial of service, vulnerability
systems | linux, mandriva
advisories | CVE-2013-6438, CVE-2014-0098
SHA-256 | 1ec6081089af1f4946cff5868c0d43bfeb1b19c4c7462f3ba46e3d8c8a2f59b2
Debian Security Advisory 2859-2
Posted Mar 20, 2014
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2859-2 - Multiple vulnerabilities have been discovered in pidgin, a multi-protocol instant messaging client. In addition to fixing the vulnerabilities, this revision specific to the oldstable distribution (squeeze), reduces the supported protocols to: IRC, Jabber/XMPP, Sametime, and SIMPLE.

tags | advisory, vulnerability, protocol
systems | linux, debian
advisories | CVE-2013-6485, CVE-2013-6490
SHA-256 | aba1f849829ba8b4b5d0c17cadf3cbcacb429fe9d1e6e2c22f31c36f5d4b0a25
Gentoo Linux Security Advisory 201403-05
Posted Mar 20, 2014
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201403-5 - Two vulnerabilities have been found in GNU Emacs, possibly leading to user-assisted execution of arbitrary code. Versions less than 24.1-r1 are affected.

tags | advisory, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2012-0035, CVE-2012-3479
SHA-256 | fcc71b90de871eaffab6688a5962d6a9a3a70a8af03b82173b7f3b5e9b07ba7f
EMC Connectrix Manager Converged Network Edition 12.1.2 Disclosure
Posted Mar 20, 2014
Site emc.com

EMC Connectrix Manager Converged Network Edition (CMCNE) version 12.1.2 contains a potential security vulnerability through the FileUploadController servlet that is used to import firmware files to Connectrix Manager's repository. Due to insufficient input validation, attackers can potentially import arbitrary files to the EMC Connectrix Manager server.

tags | advisory, arbitrary
advisories | CVE-2014-2276
SHA-256 | fc0ee79237ba4c04837935f03a177c4f57881d01e8283fcaacdee610eaa13586
Cisco Security Advisory 20140319-asyncos
Posted Mar 20, 2014
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - Cisco AsyncOS Software for Email Security Appliance (ESA) and Cisco Content Security Management Appliance (SMA) contain a vulnerability that could allow an authenticated remote attacker to execute arbitrary code with the privileges of the root user. Cisco has released free software updates that address this vulnerability. Workarounds that mitigate this vulnerability are not available.

tags | advisory, remote, arbitrary, root
systems | cisco
SHA-256 | 4f7a4de55ce594d2a820d830d3f7961b0b2b3406ee721b3eb1b7ddb200030251